FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-passenger -- arbitrary file read vulnerability

Affected packages
5.0.10 <= rubygem-passenger < 5.1.11


VuXML ID 8cf25a29-e063-11e7-9b2c-001e672571bc
Discovery 2017-10-13
Entry 2017-12-18

Phusion reports:

The cPanel Security Team discovered a vulnerability in Passenger that allows users to list the contents of arbitrary files on the system. CVE-2017-16355 has been assigned to this issue.


CVE Name CVE-2017-16355