Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libapache2-mod-passenger": "4.0.37-2", "ruby-passenger": "4.0.37-2", "ruby-passenger-doc": "4.0.37-2" } ] }