Phusion Passenger before 4.0.38 allows local users to write to certain files and directories via a symlink attack on
1. control_process.pid or
2. a generation-* file.
| Score | Percentile |
|---|---|
| 0.07% | 20.59% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-c7j7-p5jq-26ff ↗ |
| CVE | CVE-2014-1831 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| rubygems | passenger | < 4.0.38 | 4.0.38 | — |