CVE-2018-12028

NONE EPSS 55.2%
Published Jun 17, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 17, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.

Threat Intelligence

EPSS Exploit Probability
55.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-732

Affected Products 1

VendorProductVersionRange
phusionpassenger*≥5.3.0  –  <5.3.2

References 2

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.