Skip to content

Commit

Permalink
Merge pull request #291 from sada/add-passenger-CVE-2016-10345
Browse files Browse the repository at this point in the history
Add passenger/ CVE-2016-10345.
  • Loading branch information
phillmv authored Jun 9, 2017
2 parents fda730f + fcce344 commit e524cfd
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions gems/passenger/CVE-2016-10345.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
gem: passenger
cve: 2016-10345
url: https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
title: Predictable tmp File Path Vulnerability in Phusion Passenger
date: 2017-04-18

description: >-
In Phusion Passenger before 5.1.0, a known /tmp filename was used during
passenger-install-nginx-module execution, which could allow local attackers
to gain the privileges of the passenger user.
cvss_v3: 5.5

patched_versions:
- ">= 5.1.0"

0 comments on commit e524cfd

Please sign in to comment.