ADVISORIES
- CVE-2013-4136 (NVD)
- GHSA-w6rc-q387-vpgq
- OSVDB-94074
GEM
SEVERITY
CVSS v2.0: 4.6 (Medium)
PATCHED VERSIONS
- >= 4.0.8
DESCRIPTION
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
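
The defensive pattern for this class of bug, as an added example that is not Phusion Passenger's code or its patch: create the directory, open it without following symlinks, validate and chown through the file descriptor. The names open_private_dir and give_dir_to, and all paths, are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Passenger's code: create or reuse a private
 * directory at a predictable path. Returns an fd to it, or -1 on refusal. */
int open_private_dir(const char *path)
{
    struct stat st;
    /* mkdir() does not follow a symlink in the last component; a planted
     * link or directory yields EEXIST, and is then vetted below. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW refuses a symlink here, O_DIRECTORY refuses non-directories. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    /* Validate the object actually opened: ours, and closed to group/other. */
    if (fstat(fd, &st) != 0 || st.st_uid != geteuid() || (st.st_mode & 0077)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Ownership changes go through the fd, so the name cannot be swapped between
 * the check and the change; a path-based chown() would follow a planted link. */
int give_dir_to(int dir_fd, uid_t uid, gid_t gid)
{
    return fchown(dir_fd, uid, gid);
}

int main(void)
{
    char base[] = "/tmp/symlink-demo-XXXXXX";    /* constructed scratch area */
    char target[64], name[64];
    if (!mkdtemp(base)) return 1;
    snprintf(target, sizeof target, "%s/victim", base);
    snprintf(name, sizeof name, "%s/instance.1234", base);  /* predictable name */
    if (mkdir(target, 0755) || symlink(target, name)) return 1;  /* planted link */
    printf("planted symlink: %s\n", open_private_dir(name) < 0 ? "refused" : "ACCEPTED");
    unlink(name);
    int fd = open_private_dir(name);
    printf("fresh directory: %s\n", fd >= 0 ? "opened" : "refused");
    return fd >= 0 ? give_dir_to(fd, geteuid(), getegid()) : 1;
}
```

A pre-existing directory owned by another user, or one that is group- or world-accessible, is refused as well as a symlink.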