---
gem: passenger
cve: 2014-1832
osvdb: 102613
url: http://osvdb.org/show/osvdb/102613
title: Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite
date: 2014-01-29
description: Phusion Passenger contains a flaw as the program creates the server instance
  directory insecurely. It is possible for a local attacker to use a symlink attack against
  the directory to cause the program to unexpectedly overwrite an arbitrary file.
cvss_v2: 2.1
patched_versions:
  - ">= 4.0.38"