265 matches found
GHSA-9H73-W7CH-RH73 Header Injection
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in headers being added, given a cookie value. This attack appears to be exploitable via crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
Remote Code Execution in paginator
There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. Impact: There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate...
GHSA-W98M-2XQG-9CVJ Remote Code Execution in paginator
There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. Impact: There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate...
CVE-2021-43568
The verify function in the Stark Bank Elixir ECDSA library ecdsa-elixir 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
Design/Logic Flaw
The verify function in the Stark Bank Elixir ECDSA library ecdsa-elixir 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43568
CVE-2021-43568 affects Stark Bank’s ecdsa-elixir library (version 1.0.0), where verify fails to enforce non-zero r and s, enabling signature forgery on arbitrary messages. Public advisories (GHSA-xx36-6rv4-gj8r, OSV, CNVD, CNVD- etc.) describe the issue and recommend upgrading to ecdsa-elixir v1....
Paginator Elixir Remote Code Execution (CVE-2020-15150)
A remote code execution vulnerability exists in Paginator Elixir. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-29575
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password...
Default credentials
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2020-29575
The CVE-2020-29575 entry concerns the official elixir Docker images prior to 1.8.0-alpine (Alpine variant). The cited description states that these images contain a blank root password, enabling a remote attacker to gain root access on containers deployed with affected images. Connected documents...
Elixir Docker images Security Vulnerability
Docker is an open source application container engine from the American company Docker. It supports the creation of a container (lightweight virtual machine) and the deployment and running of applications on Linux systems, as well as the automated installation, deployment and upgrading of...
Remote code execution
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and...
GHSA-QV8Q-V995-72GR personnummer/csharp vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...
CVE-2020-15150
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...
Remote code execution
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...