GHSA-2Q6V-32MR-8P8X Null Byte Injection in Plug.Static

Plug.Static is used for serving static assets, and is vulnerable to null byte injection. If file upload functionality is provided, this can allow users to bypass filetype restrictions. We recommend all applications that provide file upload functionality and serve those uploaded files locally with...

Elixir Plug Plug.Static Component Security Bypass Vulnerability

Elixir Plug is a library for developing web applications based on Erlang VM.Plug.Static is one of the static components. A security vulnerability exists in the Plug.Static component of Elixir Plug. A local attacker can exploit this vulnerability to bypass file type restrictions...