CVE-2018-12028
NONE EPSS 55.2%
Published Jun 17, 20188y ago · Modified Jun 17, 20262w ago
Published Jun 17, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
Threat Intelligence
EPSS Exploit Probability
55.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-732
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| phusion | passenger | * | ≥5.3.0 – <5.3.2 |
References 2
- blog.phusion.nl https://blog.phusion.nl/passenger-5-3-2
- security.gentoo.org https://security.gentoo.org/glsa/201807-02
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.