It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. (CVE-2017-16355)
It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perform a symlink attack. An attacker could possibly use this issue to escalate privileges. (CVE-2018-12029)
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "ruby-passenger": "5.0.27-2ubuntu0.1~esm1", "libapache2-mod-passenger-dbgsym": "5.0.27-2ubuntu0.1~esm1", "passenger-dbgsym": "5.0.27-2ubuntu0.1~esm1", "libapache2-mod-passenger": "5.0.27-2ubuntu0.1~esm1", "passenger-doc": "5.0.27-2ubuntu0.1~esm1", "passenger": "5.0.27-2ubuntu0.1~esm1", "ruby-passenger-doc": "5.0.27-2ubuntu0.1~esm1" } ] }