Passenger is vulnerable to privilege escalations. The application contains a race condition when a file is created, the permission assignment is done with the file path rather than the file descriptor, leading to improper assignments of permissions.
CPE | Name | Operator | Version |
---|---|---|---|
passenger | le | 5.3.1 | |
passenger:bionic | eq | 5.0.30 |