Description
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2024-43503 Vulnerability (CVE-2024-43503)
WordPress Plugin Login with phone number Cross-Site Scripting (1.4.1)
WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2367)
WordPress Plugin Link Optimizer Lite Cross-Site Request Forgery (1.4.5)