7 matches found
CVE-2026-53423
CVE-2026-53423 affects membrane_mp4_plugin (Elixir/Membrane) from version 0.3.0 up to
EEF-CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
Summary Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane\mp4\plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.to\atom/1 without validation...
CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...
PT-2026-48648
Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane mp4 plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.to atom/1 without validation...
EUVD-2026-31114
PhoenixStorybook: Unbounded atom creation from LiveView event params atom-table DoS...
CVE-2026-8469
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...
CVE-2026-34593
Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...