Vulnerabilities

CVE-2013-4136

by Fred · 30/09/2013

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Date published : 2013-09-30

https://code.google.com/p/phusion-passenger/issues/detail?id=910

https://github.com/phusion/passenger/blob/release-4.0.6/NEWS

Similar

Tags: Cybersecurity Alert