20 matches found
EUVD-2026-31975
obanweb missing authorization check on save-job event handler...
EUVD-2026-31974
obanweb: Unbounded range expansion in cron describe causes memory exhaustion...
CVE-2026-48593
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
CVE-2026-48592
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
CVE-2026-48592
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
CVE-2026-48593
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
EEF-CVE-2026-48592 Missing authorization check on save-job event handler in oban_web
Summary Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling...
CVE-2026-48592
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
CVE-2026-48592 Missing authorization check on save-job event handler in oban_web
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
CVE-2026-48592 Missing authorization check on save-job event handler in oban_web
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
CVE-2026-48592
CVE-2026-48592 - Normal (concrete details available) Affected software: oban_web (Elixir Oban) prior to version 2.12.5. The vulnerability occurs in the LiveView component Elixir.Oban.Web.Jobs.DetailComponent during handling of the save-job event. The handle_event("save-job", ...) path does not pe...
CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
CVE-2026-48593
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
CVE-2026-48593
CVE-2026-48593 describes an uncontrolled resource consumption in oban_web’s cron rendering. The issue arises in the Elixir CronExpr describe/1 rendering path where unbounded cron ranges (e.g., 1-100000000) are parsed by parse_range/1 without bounds checks, then expand_dom_parts/1 and expand_dow_p...
EEF-CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Summary Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user...
PT-2026-43408
Name of the Vulnerable Software and Affected Versions oban web versions 2.12.0 through 2.12.4 Description Uncontrolled Resource Consumption in the Elixir.Oban.Web.CronExpr module allows memory exhaustion through unbounded cron range expansion. An attacker with permissions to schedule cron jobs ca...
PT-2026-43407
Name of the Vulnerable Software and Affected Versions oban web versions 2.12.0 through 2.12.4 Description A missing authorization issue in the Elixir.Oban.Web.Jobs.DetailComponent module allows unauthorized job worker substitution. The handle event"save-job", ... handler fails to perform...
Oban Web 安全漏洞
Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework. Versions 2.12.0 to 2.12.5 of Oban Web contained a security vulnerability. This vulnerability stemmed from the unlimited cron range expansion in the Elixir.Oban.Web.CronExpr module, which could...
Oban Web 安全漏洞
Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...