RubySec

Providing security resources for the Ruby community

CVE-2012-6135 (passenger): Phusion Passenger Gem for Ruby Arbitrary File Deletion

GEM

passenger

SEVERITY

CVSS v2: 2.1

UNAFFECTED VERSIONS

  • < 4.0.0

PATCHED VERSIONS

  • >= 4.0.0

DESCRIPTION

Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. Once the program has completed the startup process, this vulnerability is no longer exploitable.