Phusion Passenger Gem for Ruby Arbitrary File Deletion
Published: February 01, 2012
SECURITY IDENTIFIERS
- CVE: CVE-2012-6135 (NVD)
- GHSA: GHSA-8mw8-j583-vqfg
- OSVDB: OSVDB-90738
- Vendor Advisory: http://old.blog.phusion.nl/2013/03/05/phusion-passenger-4-0-beta-1-and-2-arbitrary-file-deletion-vulnerability/
GEM
SEVERITY
UNAFFECTED VERSIONS
< 4.0.0.beta
PATCHED VERSIONS
>= 4.0.0
DESCRIPTION
Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the start up process this vulnerability is no longer exploitable.