24 matches found
CVE-2026-8468
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
Plug 安全漏洞
Plug is an open-source web application middleware and connection specification library developed by elixir-plug, targeting the Elixir ecosystem. Versions of Plug prior to 1.15.4, 1.16.3, 1.17.1, 1.18.2, and 1.19.2 contain security vulnerabilities. These vulnerabilities stem from unlimited buffer...
EUVD-2026-25845
Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 :scheme atom-table exhaustion...
CVE-2026-32688 Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy
Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...
elixir-plug Plug.Cowboy 安全漏洞
Elixir-Plug Plug.Cowboy is a configuration tool for the web server of the elixir-plug company. Versions of Elixir-Plug Plug.Cowboy from 2.0.0 to 2.8.1 had security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could allow unauthenticated remote attackers...
PT-2026-35422
Name of the Vulnerable Software and Affected Versions plug cowboy versions 2.0.0 through 2.8.0 Description An unauthenticated remote attacker can cause a denial of service via atom table exhaustion. In HTTP/2 connections, the Plug.Cowboy.Conn.conn/1 function in lib/plug/cowboy/conn.ex calls...
EUVD-2022-1640
Malicious code in bioql PyPI...
EUVD-2022-1597
Malicious code in bioql PyPI...
EUVD-2022-1690
Malicious code in bioql PyPI...
CVE-2018-1000883
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
Header Injection
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
GHSA-9H73-W7CH-RH73 Header Injection
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
CVE-2018-1000883
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
Code injection
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
CVE-2018-1000883
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
CVE-2018-1000883
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
Elixir Plug Arbitrary Code Execution Vulnerability
Elixir Plug is a library for developing web applications based on Erlang VM. An arbitrary code execution vulnerability exists in the deserialization function of Plug.Session in Elixir Plug. A remote attacker can exploit this vulnerability to execute arbitrary code...
Elixir Plug Plug.Static Component Security Bypass Vulnerability
Elixir Plug is a library for developing web applications based on Erlang VM.Plug.Static is one of the static components. A security vulnerability exists in the Plug.Static component of Elixir Plug. A local attacker can exploit this vulnerability to bypass file type restrictions...
CVE-2017-1000052
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...