Vulnerabilities > Phusion > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-17 | CVE-2018-12026 | Link Following vulnerability in Phusion Passenger 5.3.0/5.3.1 During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. | 7.5 |
| 2014-04-29 | CVE-2013-7134 | Credentials Management vulnerability in Phusion Juvia Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies. | 7.5 |