CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12028

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://blog.phusion.nl/passenger-5-3-2
https://security.gentoo.org/glsa/201807-02
https://blog.phusion.nl/passenger-5-3-2
https://security.gentoo.org/glsa/201807-02

Products affected by CVE-2018-12028

Phusion » Passenger » Version: 5.3.0

cpe:2.3:a:phusion:passenger:5.3.0
Phusion » Passenger » Version: 5.3.1

cpe:2.3:a:phusion:passenger:5.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12028

Products

Pricing

Contact Us