4 matches found
CVE-2019-16764
The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...
CVE-2019-16764
The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...
CVE-2019-16764 PowAssent is susceptible to denial of service attacks
The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...
CVE-2019-16764
Summary : CVE-2019-16764 concerns PowAssent (Elixir) where a value from user parameters is passed to String.to_atom/1 in PowAssent.Phoenix.AuthorizationController. This unsafe conversion can exhaust the atom table (≈1M atoms), causing a denial-of-service at runtime. The description is consistent ...