Description

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Remediation

References

CVE-2013-2119

Related Vulnerabilities

MediaWiki Improper Input Validation Vulnerability (CVE-2011-1580)

WordPress Plugin Permalink Manager Lite Cross-Site Scripting (2.2.14)

SharePoint CVE-2021-42294 Vulnerability (CVE-2021-42294)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-5545)

WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)

Severity

Medium

Classification

CVE-2013-2119 CWE-264

Tags

Missing Update Known Vulnerabilities