Sha256: e8602dabd20f05c346d7a604a361a90148b4b3469cb0cb34867521cec5220771

Contents?: true

Size: 677 Bytes

Versions: 6

Compression:

Stored size: 677 Bytes

Contents

---
gem: passenger
cve: 2015-7519
url: https://blog.phusion.nl/2015/12/07/cve-2015-7519/
title: Phusion Passenger Server allows to overwrite headers in some cases
date: 2015-11-23
description: It is possible in some cases, for clients to overwrite headers
  set by the server, resulting in a medium level security issue.
  Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python
  applications, while Passenger 4 uses an SCGI-inspired format to pass
  headers to all applications. This implies a conversion to
  UPPER_CASE_WITH_UNDERSCORES whereby the difference between characters
  like '-' and '_' is lost.

patched_versions:
  - "~> 4.0.60"
  - ">= 5.0.22"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml