Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phusion Passenger SpawningKit 安全漏洞
Vulnerability Description
Phusion Passenger是荷兰Phusion公司的一个用于在Apache和Nginx网页服务器上部署Ruby on Rails项目的Apache模块。SpawningKit是其中的一个组件。 Phusion Passenger 5.3.2之前的5.3.x版本中的SpawningKit存在安全漏洞。攻击者可通过将路径元素替换成符号链接利用该漏洞执行任意的读取和写入操作,从而泄露信息并提升权限。
CVSS Information
N/A
Vulnerability Type
N/A