Vulnerabilities > Phusion > Passenger > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-14 | CVE-2017-16355 | Information Exposure vulnerability in multiple products In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | 1.2 |
| 2015-02-19 | CVE-2014-1831 | Unspecified vulnerability in Phusion Passenger Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | 2.1 |
| 2015-02-19 | CVE-2014-1832 | Incomplete Fix Insecure Temporary File Creation vulnerability in Ruby Phusion Passenger Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | 2.1 |