Description
Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events by Devllo Cross-Site Scripting (1.0.4.2)
WordPress Plugin Facebook Page Photo Gallery Cross-Site Scripting (2.0.9)
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)
Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2018-16476)
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)