CVE-2018-12615
Published
CVSS v3
N/A
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
A fast and robust web server and application server for Ruby, Python and Node.js
GitHub