📦

passenger

Vendor: phusion

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 52 Total Indexed

Avg. EPSS 0.30% Exploit Prob.

Latest CVE CVE-2025-26803 Feb 24

Security Vulnerability Index

Page 2 / 6

2.1 CVSS

CVE-2014-1831

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

EPSS: 0.07%

Severity: LOW

Feb 19, 2015

4.6 CVSS

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

EPSS: 0.06%

Severity: MEDIUM

Jan 03, 2014

4.4 CVSS

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

EPSS: 0.04%

Severity: MEDIUM

Sep 30, 2013

Displaying 3 of 52 Total Entries

1 2 3 4 5 ... 6

Total 6 Sections