GHSA-9qj7-jvg4-qr2x

Source

https://github.com/advisories/GHSA-9qj7-jvg4-qr2x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-9qj7-jvg4-qr2x/GHSA-9qj7-jvg4-qr2x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9qj7-jvg4-qr2x

Aliases

CVE-2013-2119

Published

2017-10-24T18:33:37Z

Modified

2024-12-08T05:23:50.219453Z

Summary

Phusion Passenger Denial of Service

Details

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Database specific

{
    "nvd_published_at": "2014-01-03T18:54:00Z",
    "cwe_ids": [
        "CWE-377"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:29:24Z"
}

References

Affected packages

RubyGems / passenger

Package

Name: passenger
Purl: pkg:gem/passenger

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.21

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

2.*

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.2

2.1.3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

3.*

3.0.0.pre1

3.0.0.pre2

3.0.0.pre3

3.0.0.pre4

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.17

3.0.18

3.0.19

RubyGems / passenger

Package

Name: passenger
Purl: pkg:gem/passenger

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.1

Fixed

4.0.5

Affected versions

4.*

4.0.1

4.0.2

4.0.3

4.0.4