CVE-2016-10345: Phusion Passenger uses a known /tmp filename
7.8
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.20263%
CWE
-
Published
8/21/2018
Updated
6/9/2023
KEV Status
No
Technology
Ruby
Technical Details
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
passenger | rubygems | < 5.1.0 | 5.1.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from using hardcoded /tmp/passenger-check.c filename in the PCRE check logic. The GitHub commit e5b4b082 shows the fix replaced this with Dir.mktmpdir to create unique temporary paths. The pcre_is_installed? function was directly handling this insecure file creation, making it the clear vulnerable function.