Vulnerabilities > Phusion
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-29 | CVE-2013-7134 | Credentials Management vulnerability in Phusion Juvia Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies. | 7.5 |
2013-09-30 | CVE-2013-4136 | Link Following vulnerability in Phusion Passenger ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. | 4.4 |