Back to search
CVE-2018-12028
Published: Jun 17, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://blog.phusion.nl/passenger-5-3-2
x_refsource_MISC
GLSA-201807-02
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now