Sha256: 28e6e3ac47d2b4fa0aa13556fb95648bc11ea63e43a80f71925a77095ba0904d
Contents?: true
Size: 625 Bytes
Versions: 1
Compression:
Stored size: 625 Bytes
Contents
--- gem: passenger cve: 2013-2119 osvdb: 93752 url: https://nvd.nist.gov/vuln/detail/CVE-2013-2119 title: Phusion Passenger Gem for Ruby Predictable Temporary Filename Generation Symlink Local Privilege Escalation date: 2013-05-29 description: Phusion Passenger Gem for Ruby contains a flaw as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the Nginx config file to cause the program to unexpectedly overwrite the file, allowing a local attacker to execute code with elevated privileges. cvss_v2: 4.6 patched_versions: - "~> 3.0.21" - ">= 4.0.5"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/passenger/CVE-2013-2119.yml |