Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby Phusion Passenger Gem ‘Utils.cpp’不安全临时文件创建漏洞
Vulnerability Description
Phusion Passenger是荷兰Phusion公司的一个用于在Apache和Nginx网页服务器上部署Ruby on Rails项目的Apache模块。 Ruby平台下Phusion Passenger gem 4.0.6之前版本中的ext/common/ServerInstanceDir.h文件中存在安全漏洞,该漏洞源于程序以不安全的方式创建和使用临时目录及文件。本地攻击者可通过在/tmp/目录下可预测名的目录发起符号链接攻击,利用该漏洞获取特权或可能修改任意目录的所有权。
CVSS Information
N/A
Vulnerability Type
N/A