VulnerableCode Vulnerability Details - VCID-yfmc-ybkr-xbbg

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-yfmc-ybkr-xbbg

Essentials
Severities (13)
References (13)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yfmc-ybkr-xbbg
Aliases	CVE-2014-1832 GHSA-qw8w-2xcp-xg59 OSV-102613
Summary	Server Instance Directory Creation Local Symlink File Overwrite This package contains a flaw as the program creates the server instance directory insecurely. It is possible for a local attacker to use a symlink attack against the directory to cause the program to unexpectedly overwrite an arbitrary file.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-377	Insecure Temporary File

System	Score	Found at
generic_textual	LOW	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
generic_textual	LOW	http://openwall.com/lists/oss-security/2014/01/29/6
generic_textual	LOW	http://openwall.com/lists/oss-security/2014/01/30/3
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2014-1832
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2014-1832
generic_textual	LOW	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
generic_textual	LOW	https://bugzilla.redhat.com/show_bug.cgi?id=1058992
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-qw8w-2xcp-xg59
generic_textual	LOW	https://github.com/advisories/GHSA-qw8w-2xcp-xg59
generic_textual	LOW	https://github.com/phusion/passenger
generic_textual	LOW	https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
generic_textual	LOW	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2014-1832

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
		http://openwall.com/lists/oss-security/2014/01/29/6
		http://openwall.com/lists/oss-security/2014/01/30/3
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1832.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-1832
		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
		https://bugzilla.redhat.com/show_bug.cgi?id=1058992
		https://github.com/advisories/GHSA-qw8w-2xcp-xg59
		https://github.com/phusion/passenger
		https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744
		https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
		https://nvd.nist.gov/vuln/detail/CVE-2014-1832

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.20875
EPSS Score	0.00067
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:36:21.718294+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/passenger/CVE-2014-1832.yml	38.6.0