Sha256: 70cfed5223ce2d30c2cf3af69fe556527280024554d44fa958979e3561f31c2e

Contents?: true

Size: 612 Bytes

Versions: 5

Compression:

Stored size: 612 Bytes

Contents

---
gem: passenger
cve: 2013-2119
osvdb: 93752
url: http://osvdb.org/show/osvdb/93752
title: Phusion Passenger Gem for Ruby Predictable Temporary Filename Generation Symlink Local Privilege Escalation
date: 2013-05-29
description: Phusion Passenger Gem for Ruby contains a flaw as the program creates
  temporary files insecurely. It is possible for a local attacker to use a symlink
  attack against the Nginx config file to cause the program to unexpectedly overwrite
  the file, allowing a local attacker to execute code with elevated privileges.
cvss_v2: 4.6
patched_versions:
  - "~> 3.0.21"
  - ">= 4.0.5"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml