GHSA-2cj2-qqxj-5m3r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2cj2-qqxj-5m3r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-2cj2-qqxj-5m3r/GHSA-2cj2-qqxj-5m3r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-2cj2-qqxj-5m3r
- Aliases
- Published
- 2025-02-24T18:32:42Z
- Modified
- 2025-03-02T08:11:48.315117Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Phusion Passenger denial of service
- Details
-
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
- Database specific
{ "github_reviewed_at": "2025-02-24T20:49:38Z", "cwe_ids": [ "CWE-908" ], "nvd_published_at": "2025-02-24T16:15:15Z", "github_reviewed": true, "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-26803
- https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
- https://blog.phusion.nl/2025/02/19/passenger-6-0-26
- https://github.com/phusion/passenger
- https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
- https://github.com/phusion/passenger/releases/tag/release-6.0.26
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2025-26803.yml
- https://www.phusionpassenger.com/support
Affected packages
RubyGems / passenger
Package
- Name
- passenger
- Purl
- pkg:gem/passenger