Description
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2061 Vulnerability (CVE-2021-2061)
WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2)
MySQL CVE-2013-0371 Vulnerability (CVE-2013-0371)
Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)
WordPress Plugin Taxonomy Converter Unspecified Vulnerability (1.1)