High severityNVD Advisory· Published Nov 19, 2019· Updated Aug 6, 2024
CVE-2012-6135
CVE-2012-6135
Description
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
passengerRubyGems | < 4.0.0.rc4 | 4.0.0.rc4 |
Affected products
2- Range: 4.0.53-1
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-8mw8-j583-vqfgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-6135ghsaADVISORY
- www.openwall.com/lists/oss-security/2013/03/02/1ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- exchange.xforce.ibmcloud.com/vulnerabilities/82533ghsax_refsource_MISCWEB
- github.com/phusion/passenger/commit/8c6693e0818772c345c979840d28312c2edd4ba4ghsaWEB
- github.com/phusion/passenger/commit/8c6693e0818772c345c979840d28312c2edd4ba4ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2012-6135.ymlghsaWEB
- security-tracker.debian.org/tracker/CVE-2012-6135ghsax_refsource_MISCWEB
- web.archive.org/web/20200918164919/https://old.blog.phusion.nl/2013/03/05/phusion-passenger-4-0-beta-1-and-2-arbitrary-file-deletion-vulnerabilityghsaWEB
- www.securityfocus.com/bid/58259mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.