Filtered by vendor Phusion
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16355 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2019-10-28 | 1.2 LOW | 4.7 MEDIUM |
| In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | |||||
| CVE-2018-12615 | 1 Phusion | 1 Passenger | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. | |||||