{"url":"http://public2.vulnerablecode.io/api/packages/52475?format=json","purl":"pkg:gem/passenger@5.0.0a","type":"gem","namespace":"","name":"passenger","version":"5.0.0a","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.22","latest_non_vulnerable_version":"5.3.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37999?format=json","vulnerability_id":"VCID-776a-5amc-5fhb","summary":"Header overwriting\nIt is possible, in some cases, for clients to overwrite headers set by the server, resulting in a medium-level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications. This implies a conversion to UPPER_CASE_WITH_UNDERSCORES whereby the difference between characters like '-' and '_' is lost. See \"Affected use-cases\" in the provided link to establish whether a particular application is affected.","references":[{"reference_url":"https://blog.phusion.nl/2015/12/07/cve-2015-7519/","reference_id":"CVE-2015-7519","reference_type":"","scores":[],"url":"https://blog.phusion.nl/2015/12/07/cve-2015-7519/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52477?format=json","purl":"pkg:gem/passenger@5.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.0.22"}],"aliases":["CVE-2015-7519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-776a-5amc-5fhb"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/passenger@5.0.0a"}