5 matches found
CVE-2026-48597
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...
CVE-2026-48597
The vulnerability CVE-2026-48597 affects elixir-tesla (Tesla) where Tesla.Adapter.Mint.open_conn/2 converts each outgoing request URL scheme to a BEAM atom using String.to_atom(uri.scheme) without an allow-list. Since BEAM atoms are not garbage-collected, an attacker who can influence the request...
PT-2026-45840
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open conn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.to atomuri.scheme with no...
CVE-2026-47067
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...
EEF-CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
Summary Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 witho...