Description

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Remediation

References

CVE-2013-4136

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6098)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

MySQL CVE-2016-9840 Vulnerability (CVE-2016-9840)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2017-12174)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-37823)

Severity

Medium

Classification

CVE-2013-4136 CWE-59

Tags

Missing Update Known Vulnerabilities