File Deletion Vulnerability in RubyGems Passenger by Phusion
CVE-2012-6135

7.5HIGH

Key Information:

Vendor

Ruby-passenger

Status
Ruby-passenger
Vendor
CVE Published:
19 November 2019

What is CVE-2012-6135?

The RubyGems Passenger versions 4.0.0 beta 1 and beta 2 have a vulnerability that permits remote attackers to delete arbitrary files during the application's startup phase. This can lead to unauthorized access or significant disruption of service. Users of these beta versions are advised to update to a secure release to mitigate the associated risks.

Affected Version(s)

ruby-passenger 4.0.53-1

References

https://security-tracker.debian.org/tracker/CVE-2012-6135
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/03/02/1
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/82533
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.