Medium severity5.3NVD Advisory· Published Jun 21, 2018· Updated Jun 17, 2026
CVE-2018-12615
CVE-2018-12615
Description
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
passengerRubyGems | < 5.3.2 | 5.3.2 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-4284-jfhc-f854ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-12615ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12615.ymlghsaWEB
News mentions
0No linked articles in our index yet.