RubyGems/passenger — 14 CVEs

CRITICAL9.8CVE-2018-12026Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability

>= 5.3.0, < 5.3.2

HIGH8.8CVE-2018-12027Insecure Permissions in Phusion Passenger

>= 5.3.0, < 5.3.2

HIGH7.8Incorrect Access Control in Phusion Passenger

>= 5.3.0, < 5.3.2

HIGH7.8Phusion Passenger uses a known /tmp filename

from 0, < 5.1.0

HIGH7.5RubyGems passenger gem allows remote attackers to delete files

from 0, < 4.0.0.rc4

HIGH7.0Phusion Passenger Race Condition Allows Privilege Escalation

>= 3.0.0, < 5.3.2

MEDIUM5.3Phusion Passenger denial of service

>= 6.0.21, < 6.0.26

MEDIUM5.3Phusion Passenger incorrect permission assignment

from 0, < 5.3.2

MEDIUM4.7Phusion Passenger information disclosure

from 0, < 5.1.11

LOW3.7Phusion Passenger allows remote attackers to spoof headers

from 0, < 4.0.60

—Insecure use of temporary files in Phusion passenger

>= 4.0.37, < 4.0.38

—Insecure use of temporary files in passenger

from 0, < 4.0.38

—Phusion Passenger Denial of Service

from 0, < 3.0.21

—insecure temporary directory usage in passenger

from 0, < 4.0.6

pkg:RubyGems/passenger