hex_core has Unsafe Deserialization of Erlang Terms
Impact The Hex client hexcore deserializes Erlang terms received from the Hex API using binarytoterm/1 without sufficient restrictions. If an attacker can control the HTTP response body returned by the Hex API, this allows denial-of-service attacks such as atom table exhaustion, leading to a VM...