Description
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
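A general hardening pattern for this class of bug, shown as an added example; it is not Phusion Passenger's code or its actual fix. It creates a directory under a shared parent such as /tmp/, then vets the opened object rather than trusting the name. The names `open_private_dir`, `demo` and the `instance.1234` path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns a directory fd for path, or -1 if the name
 * is a symlink, not a directory, not ours, or writable by group/others. */
int open_private_dir(const char *path)
{
    struct stat st;
    /* mkdir() does not follow a symlink in the last component; a planted
     * entry yields EEXIST and is vetted below instead of being trusted. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW refuses a symlink, O_DIRECTORY refuses a regular file. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Vet the opened object, not the name, so it cannot be swapped after
     * the check. Later ownership changes should use fchown(fd, ...). */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: with planted != 0 the
 * predictable name is pre-created as a symlink to another directory.
 * Returns 1 if open_private_dir() accepted the name, 0 if it refused. */
int demo(int planted)
{
    char base[] = "/tmp/privdir-demo-XXXXXX", name[64], victim[64];
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(name, sizeof name, "%s/instance.1234", base);
    snprintf(victim, sizeof victim, "%s/victim", base);
    if (planted && (mkdir(victim, 0700) != 0 || symlink(victim, name) != 0))
        return -1;
    int fd = open_private_dir(name);
    if (fd >= 0)
        close(fd);
    remove(name); remove(victim); remove(base); /* clean up scratch files */
    return fd >= 0;
}
```

Subsequent operations on the directory should go through the returned descriptor (`fchown`, `fchmod`, `openat`) so they act on the vetted object and not on whatever the path names at that moment.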
Remediation
References