{"id":"CVE-2017-16355","details":"In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.","aliases":["GHSA-cv3f-px9r-54hm"],"modified":"2026-04-11T04:37:57.613688Z","published":"2017-12-14T22:29:00.210Z","related":["SUSE-SU-2018:0262-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4415"},{"type":"ADVISORY","url":"https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2019/Mar/34"},{"type":"FIX","url":"https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phusion/passenger","events":[{"introduced":"6c1e97c21d2eed80d8509254b8101cf69b6dbea4"},{"fixed":"964eb13ba0d3627142b83637c73a7e5a2c4b0b9c"},{"introduced":"6c1e97c21d2eed80d8509254b8101cf69b6dbea4"},{"fixed":"5ea7a4b440c973c30a8f54f8c6a9b861024602f0"},{"fixed":"4043718264095cde6623c2cbe8c644541036d7bf"}],"database_specific":{"versions":[{"introduced":"5.0.10"},{"fixed":"5.1.10"},{"introduced":"5.0.10"},{"fixed":"5.1.11"}]}}],"versions":["release-5.0.10","release-5.0.11","release-5.0.13","release-5.0.14","release-5.0.15","release-5.0.16","release-5.0.17","release-5.0.18","release-5.0.22","release-5.0.23","release-5.0.24","release-5.0.25","release-5.0.26","release-5.0.27","release-5.0.28","release-5.0.29","release-5.0.30","release-5.1.0","release-5.1.7","release-5.1.8","release-5.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16355.json","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2017-16355-297b2d1f","digest":{"threshold":0.9,"line_hashes":["188108554379607614220408906131671004367","47674428853023741347191324953567509750","1792099942954668015730090861725044908","109811301887705726907708903789478405056","206675640168240253807700792709823613926","62383632112134691715630883751270014217"]},"target":{"file":"test/cxx/Core/SpawningKit/SpawnerTestCases.cpp"},"source":"https://github.com/phusion/passenger/commit/5ea7a4b440c973c30a8f54f8c6a9b861024602f0"},{"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2017-16355-bb6469dd","digest":{"threshold":0.9,"line_hashes":["268799682548938772947881921096668350310","117681501307321166777979843663423129027","280083727406545110470011300718420250903","222560687676110990119119317121042802472","235854114548696804817144001729705555967","83449442481079981626893397623410921398","320115127452501949654491876132754416636","207948168575058203827937063282176268874","327753644294967020574950308097127961444","130370208306564958597886905471594157991","55551024395305749768445773965125912360"]},"target":{"file":"src/agent/Core/SpawningKit/Spawner.h"},"source":"https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"}],"vanir_signatures_modified":"2026-04-11T04:37:57Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}