Lucene search
K

71 matches found

EUVD
EUVD
added 2026/05/14 1:8 p.m.19 views

EUVD-2026-28798

Absinthe: Unbounded atom creation from parsed directive name...

8.2CVSS5.8AI score0.00613EPSS
Exploits1References5
OSV
OSV
added 2026/05/14 1:8 p.m.5 views

GHSA-QF4G-9FQQ-MMM7 Absinthe: Unbounded atom creation from parsed directive name

Summary When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...

8.2CVSS6AI score0.00613EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/14 1:8 p.m.11 views

Absinthe: Unbounded atom creation from parsed directive name

Summary When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...

8.2CVSS6AI score0.00613EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/05/08 4:16 p.m.43 views

CVE-2026-42793

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS0.00613EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/08 3:42 p.m.60 views

CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS0.00613EPSS
Exploits1References4
OSV
OSV
added 2026/05/08 3:42 p.m.35 views

EEF-CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

Summary Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language...

8.2CVSS5.9AI score0.00613EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:42 p.m.8 views

CVE-2026-42793

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS5.9AI score0.00613EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/08 3:42 p.m.17 views

CVE-2026-42793

CVE-2026-42793 affects absinthe-graphql/Absinthe. The vulnerability allows unauthenticated denial of service by exhausting the BEAM atom table via attacker-controlled GraphQL SDL names parsed in Absinthe’s SDL language modules (String.to_atom/1). Each unique name permanently consumes an atom-tabl...

8.2CVSS5.9AI score0.00613EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:42 p.m.6 views

CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS5.9AI score0.00613EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39146

Name of the Vulnerable Software and Affected Versions absinthe versions 1.5.0 through 1.10.1 Description An unauthenticated denial of service can occur via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in the SDL language...

8.2CVSS5.8AI score0.00613EPSS
Exploits1References11
EUVD
EUVD
added 2026/05/05 9:46 p.m.7 views

EUVD-2026-25845

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 :scheme atom-table exhaustion...

8.7CVSS5.8AI score0.00545EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 9:46 p.m.15 views

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

Summary An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plugcowboy with HTTP/2 may b...

8.7CVSS5.9AI score0.00545EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.11 views

CVE-2026-32688

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS5.6AI score0.00545EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 2:16 p.m.5 views

CVE-2026-32688

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS0.00545EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 1:45 p.m.6 views

CVE-2026-32688 Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS5.5AI score0.00545EPSS
Exploits0References4
OSV
OSV
added 2026/04/27 1:45 p.m.6 views

EEF-CVE-2026-32688 Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. Fo...

8.7CVSS5.6AI score0.00545EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 1:45 p.m.4 views

CVE-2026-32688

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS5.5AI score0.00545EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.4 views

PT-2026-35422

Name of the Vulnerable Software and Affected Versions plug cowboy versions 2.0.0 through 2.8.0 Description An unauthenticated remote attacker can cause a denial of service via atom table exhaustion. In HTTP/2 connections, the Plug.Cowboy.Conn.conn/1 function in lib/plug/cowboy/conn.ex calls...

8.7CVSS5.8AI score0.00545EPSS
Exploits0References14
NVD
NVD
added 2026/04/02 6:16 p.m.4 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS0.00423EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 5:42 p.m.2 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References2
Rows per page
Query Builder