---
gem: passenger
cve: 2013-4136
osvdb: 94074
url: https://nvd.nist.gov/vuln/detail/CVE-2013-4136
title: Phusion Passenger Gem for Ruby Utils.cpp Temporary Directory Creation Symlink Local Privilege Escalation
date: 2013-06-10
description: Phusion Passenger Gem for Ruby contains a flaw as the program creates
  temporary directories insecurely. It is possible for a local attacker to use a
  symlink attack against the Utils.cpp file to allow the attacker to gain elevated
  privileges.
cvss_v2: 4.6
patched_versions:
  - ">= 4.0.8"