Moderate severity · NVD Advisory · Published Jan 3, 2014 · Updated Apr 29, 2026
CVE-2013-2119
Description
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| passenger (RubyGems) | < 3.0.21 | 3.0.21 |
| passenger (RubyGems) | >= 4.0.1, < 4.0.5 | 4.0.5 |
Affected products
- cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:* (range: <=3.0.20)
- cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*
References
- blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ (nvd: Patch, Vendor Advisory)
- blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ (nvd: Patch, Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2013-1136.html (nvd: Third Party Advisory, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory, WEB)
- github.com/advisories/GHSA-9qj7-jvg4-qr2x (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-2119 (ghsa: ADVISORY)
- blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released (ghsa: WEB)
- blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released (ghsa: WEB)
- access.redhat.com/errata/RHSA-2013:1136 (ghsa: WEB)
- access.redhat.com/security/cve/CVE-2013-2119 (ghsa: WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2013-2119.yml (ghsa: WEB)