Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/www-apache/passenger@5.3.2
Typeebuild
Namespacewww-apache
Namepassenger
Version5.3.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2m4t-x87m-8khj
vulnerability_id VCID-2m4t-x87m-8khj
summary 
Incorrect Permission Assignment for Critical Resource
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12028.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38748
published_at 2026-06-04T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38786
published_at 2026-06-08T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38814
published_at 2026-06-07T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.38841
published_at 2026-06-06T12:55:00Z
4
value 0.00175
scoring_system epss
scoring_elements 0.38837
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12028
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/1e7c82deb4901c438f583737d8c9f2aac264737c
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12028.yml
6
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
reference_id 1592621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592621
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
reference_id CVE-2018-12028
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12028
9
reference_url https://github.com/advisories/GHSA-jjhj-8gx7-x836
reference_id GHSA-jjhj-8gx7-x836
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjhj-8gx7-x836
fixed_packages
0
url pkg:ebuild/www-apache/passenger@5.3.2
purl pkg:ebuild/www-apache/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apache/passenger@5.3.2
aliases CVE-2018-12028, GHSA-jjhj-8gx7-x836
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m4t-x87m-8khj
1
url VCID-2vfx-fjka-pue8
vulnerability_id VCID-2vfx-fjka-pue8
summary 
Information Exposure
Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12027.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.5112
published_at 2026-06-04T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51135
published_at 2026-06-08T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.51165
published_at 2026-06-07T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.51186
published_at 2026-06-06T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.51181
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12027
2
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
3
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12027.yml
5
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
reference_id 1592619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592619
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
reference_id CVE-2018-12027
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12027
8
reference_url https://github.com/advisories/GHSA-whfx-877c-5p28
reference_id GHSA-whfx-877c-5p28
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whfx-877c-5p28
fixed_packages
0
url pkg:ebuild/www-apache/passenger@5.3.2
purl pkg:ebuild/www-apache/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apache/passenger@5.3.2
aliases CVE-2018-12027, GHSA-whfx-877c-5p28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vfx-fjka-pue8
2
url VCID-mg4k-v8q7-sqbb
vulnerability_id VCID-mg4k-v8q7-sqbb
summary 
Improper Link Resolution Before File Access
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12026.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
reference_id
reference_type
scores
0
value 0.01123
scoring_system epss
scoring_elements 0.78618
published_at 2026-06-08T12:55:00Z
1
value 0.01123
scoring_system epss
scoring_elements 0.7863
published_at 2026-06-07T12:55:00Z
2
value 0.01123
scoring_system epss
scoring_elements 0.78639
published_at 2026-06-06T12:55:00Z
3
value 0.01123
scoring_system epss
scoring_elements 0.78631
published_at 2026-06-05T12:55:00Z
4
value 0.01123
scoring_system epss
scoring_elements 0.78603
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12026
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://github.com/phusion/passenger
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger
6
reference_url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phusion/passenger/commit/fd3717a3cd357aa0e80e1e81d4dc94a1eaf928f1
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12026.yml
8
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
reference_id 1592616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592616
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
reference_id CVE-2018-12026
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12026
11
reference_url https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
reference_id GHSA-7cv3-gvmc-8mq5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
fixed_packages
0
url pkg:ebuild/www-apache/passenger@5.3.2
purl pkg:ebuild/www-apache/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apache/passenger@5.3.2
aliases CVE-2018-12026, GHSA-7cv3-gvmc-8mq5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mg4k-v8q7-sqbb
3
url VCID-u8cc-dmqe-5qec
vulnerability_id VCID-u8cc-dmqe-5qec
summary 
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard `passenger_instance_registry_dir` with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27041
published_at 2026-06-08T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.2709
published_at 2026-06-07T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27131
published_at 2026-06-06T12:55:00Z
3
value 0.00099
scoring_system epss
scoring_elements 0.27185
published_at 2026-06-05T12:55:00Z
4
value 0.00099
scoring_system epss
scoring_elements 0.2712
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12029
2
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
3
reference_url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
url https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
4
reference_url https://blog.phusion.nl/passenger-5-3-2
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.phusion.nl/passenger-5-3-2
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12029
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
9
reference_url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
10
reference_url https://security.gentoo.org/glsa/201807-02
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201807-02
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
reference_id 1592612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1592612
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
reference_id 921767
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
reference_id CVE-2018-12029
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12029
14
reference_url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
reference_id GHSA-jjcj-fgfm-9g9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
15
reference_url https://usn.ubuntu.com/USN-5261-1/
reference_id USN-USN-5261-1
reference_type
scores
url https://usn.ubuntu.com/USN-5261-1/
fixed_packages
0
url pkg:ebuild/www-apache/passenger@5.3.2
purl pkg:ebuild/www-apache/passenger@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apache/passenger@5.3.2
aliases CVE-2018-12029, GHSA-jjcj-fgfm-9g9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8cc-dmqe-5qec
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/www-apache/passenger@5.3.2