GHSA-jjhj-8gx7-x836

Suggest an improvement
Source
https://github.com/advisories/GHSA-jjhj-8gx7-x836
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jjhj-8gx7-x836/GHSA-jjhj-8gx7-x836.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jjhj-8gx7-x836
Aliases
Published
2022-05-13T01:49:24Z
Modified
2024-02-16T08:04:43.770355Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Incorrect Access Control in Phusion Passenger
Details

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.

References

Affected packages

RubyGems / passenger

Package

Name
passenger
Purl
pkg:gem/passenger

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.3.2

Affected versions

5.*

5.3.0
5.3.1