2 matches found
CVE-2026-34593
This CVE affects Ash Framework (Elixir) where Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for inputs starting with "Elixir." before module existence is verified. The atom creation can exhaust BEAM’s atom table (default ~1,048,576 entries) and ...
CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash
Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...