Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phusion Passenger 安全漏洞
Vulnerability Description
Phusion Passenger是荷兰Phusion公司的一个用于在Apache和Nginx网页服务器上部署Ruby on Rails项目的Apache模块。 Phusion Passenger 5.1.10版本中的agent/Core/SpawningKit/Spawner.h文件存在安全漏洞。攻击者可通过将REVISION文件从应用程序root文件夹符号链接到选择的文件利用该漏洞读取任意文件内容。
CVSS Information
N/A
Vulnerability Type
N/A