GHSA-8mw8-j583-vqfg

Source

https://github.com/advisories/GHSA-8mw8-j583-vqfg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-8mw8-j583-vqfg/GHSA-8mw8-j583-vqfg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8mw8-j583-vqfg

Aliases

CVE-2012-6135

Published

2022-04-23T00:40:14Z

Modified

2024-02-22T05:34:23.738720Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

RubyGems passenger gem allows remote attackers to delete files

Details

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

Affects both open source and Enterprise versions (4.0.0.beta1, 4.0.0.beta2).

Database specific

{
    "nvd_published_at": "2019-11-19T17:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-20T19:27:49Z"
}

References

Affected packages

RubyGems / passenger

Package

Name: passenger
Purl: pkg:gem/passenger

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.0.rc4

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

2.*

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.2

2.1.3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

3.*

3.0.0.pre1

3.0.0.pre2

3.0.0.pre3

3.0.0.pre4

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.17

3.0.18

3.0.19

3.0.21

3.9.1.beta

3.9.2.beta