FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-passenger -- arbitrary file read vulnerability

Affected packages
5.0.10 <= rubygem-passenger < 5.1.11

Details

VuXML ID 8cf25a29-e063-11e7-9b2c-001e672571bc
Discovery 2017-10-13
Entry 2017-12-18

Phusion reports:

The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue.

[source]

References

CVE Name CVE-2017-16355
URL https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.