Symlink File Overwrite The advisory has been revoked - it doesn't affect any version of package passenger Open this link in a new tab
Threat Intelligence
EPSS
0.91% (83rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-PASSENGER-20022
- published 31 Jan 2012
- disclosed 31 Jan 2012
- credit Unknown
Introduced: 31 Jan 2012
CVE-2012-6135 Open this link in a new tabOverview
passenger is a modern web server and application server for Ruby, Python and Node.js, optimized for performance, low memory usage and ease of use.
Affected versions of this gem create the server instance directory insecurely. An attacker can create a symlink to overwrite an otherwise inaccessible file, possibly inserting content provided by the attacker.
This vulnerability is triggered during application startup. If the program has completed the start up process this vulnerability is no longer exploitable.