Sha256: 3248561e97ac2b94ca43eacd48fbf9bf8c8febebe3ecb0015b6e51d4e47ce2c7

Contents?: true

Size: 444 Bytes

Versions: 2

Compression:

Stored size: 444 Bytes

Contents

---
gem: passenger
cve: 2016-10345
url: https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
title:  Predictable tmp File Path Vulnerability in Phusion Passenger
date: 2017-04-18

description: >-
  In Phusion Passenger before 5.1.0, a known /tmp filename was used during
  passenger-install-nginx-module execution, which could allow local attackers
  to gain the privileges of the passenger user.

cvss_v3: 5.5

patched_versions:
  - ">= 5.1.0"

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
bundler-audit-0.6.1 data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml