4 matches found
@knocklabs/client (>=0.21.6 <=0.21.13), @knocklabs/expo (>=0.5.0 <=0.6.7) +8 more potentially affected by CVE-2026-32689 via phoenix (>=1.8.0 <=1.8.5)
phoenix NPM version =1.8.0, =0.21.6, =0.5.0, =0.1.0, =0.1.1, =0.1.1, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =2.1.8, =2.5.1 Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...
@abtnode/analytics (>=1.16.13 <=1.17.13-beta-20260512-042419-7b556a38), @abtnode/auth (>=1.3.13 <=1.17.13-beta-20260512-042419-7b556a38) +208 more potentially affected by CVE-2026-32689 via phoenix (>=1.7.10 <=1.7.21)
phoenix NPM version =1.7.10, =1.16.13, =1.3.13, =1.1.12, =1.6.23, =1.16.6, =1.0.0, =1.16.33, =1.0.0, =1.0.35, =1.16.33, =1.0.2, =1.16.33, =1.16.33, =1.0.0, =1.17.13-beta-20260512-042419-7b556a38 and more Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...
CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...