Sha256: 3a05d2d99ec5cfda4bdfcd6214ae433b226fe6dad55c84e40358f4d6002e0213

Contents?: true

Size: 457 Bytes

Versions: 3

Compression:

Stored size: 457 Bytes

Contents

---
gem: passenger
cve: 2016-10345
url: https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
title:  Predictable tmp File Path Vulnerability in Phusion Passenger
date: 2016-11-09

description: >-
  In Phusion Passenger before 5.1.0, a known /tmp filename was used during
  passenger-install-nginx-module execution, which could allow local attackers
  to gain the privileges of the passenger user.

cvss_v2: 4.6
cvss_v3: 7.8

patched_versions:
  - ">= 5.1.0"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml