ADVISORIES
- CVE-2012-6135 (NVD)
- GHSA-8mw8-j583-vqfg
- OSVDB-90738
- Vendor Advisory
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
CVSS v2.0: 2.1 (Low)
UNAFFECTED VERSIONS
- < 4.0.0.beta
PATCHED VERSIONS
- >= 4.0.0
DESCRIPTION
Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the start up process this vulnerability is no longer exploitable.