5 matches found
CVE-2026-49098
CVE-2026-49098 (Apache Camel) affects the Camel-Kafka component. The issue arises from using non-Camel-prefixed kafka.* header constants (e.g., kafka.OVERRIDE_TOPIC) which bypass upstream HTTP header filtering, allowing an HTTP client to redirect messages to arbitrary Kafka topics via the kafka.O...
EUVD-2026-31111
PhoenixStorybook has cross-session PubSub topic injection via URL parameter...
PhoenixStorybook has cross-session PubSub topic injection via URL parameter
Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...
EEF-CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook
Summary Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in...
PhoenixStorybook 安全漏洞
PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.4.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user-controlled keys. Attackers...