Description

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Remediation

References

CVE-2013-2119

Related Vulnerabilities

Drupal Core 4.7.x SQL Injection (4.7.0)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5589)

WordPress Plugin Like Dislike Counter SQL Injection (1.2.3)

Zope Web Application Server Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2021-32811)

WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0)

Severity

Medium

Classification

CVE-2013-2119 CWE-264

Tags

Missing Update Known Vulnerabilities