rpm package
suse/rubygem-passenger&distro=SUSE Linux Enterprise Module for Containers 12
pkg:rpm/suse/rubygem-passenger&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-12029 | — | < 5.0.18-12.9.1 | 5.0.18-12.9.1 | Jun 17, 2018 | A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file wa | ||
| CVE-2017-16355 | Med | 4.7 | < 5.0.18-12.5.1 | 5.0.18-12.5.1 | Dec 14, 2017 | In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from th | |
| CVE-2015-7519 | Low | 3.7 | < 5.0.18-6.1 | 5.0.18-6.1 | Jan 8, 2016 | agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) chara |
- CVE-2018-12029Jun 17, 2018affected < 5.0.18-12.9.1fixed 5.0.18-12.9.1
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file wa
- affected < 5.0.18-12.5.1fixed 5.0.18-12.5.1
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from th
- affected < 5.0.18-6.1fixed 5.0.18-6.1
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) chara