Lucene search

K

Pow Security Vulnerabilities

cve
cve

CVE-2023-42446

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may...

6.5CVSS

6.6AI Score

0.0005EPSS

2023-09-18 10:15 PM
21
cve
cve

CVE-2020-5205

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this...

6.5CVSS

5.4AI Score

0.001EPSS

2020-01-09 02:15 AM
65
cve
cve

CVE-2019-16764

The use of String.to_atom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.to_atom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...

6.5CVSS

5.3AI Score

0.0004EPSS

2019-11-25 05:15 PM
22