Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-48853

A flaw was found in the grpc component of elixir-grpc. This vulnerability allows unauthenticated attackers to send specially crafted messages, leading to two critical outcomes. First, it can cause a Denial of Service DoS by crashing the Erlang virtual machine BEAM node. Second, under certain...

9.8CVSS7.5AI score0.00573EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 11:16 p.m.11 views

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 9:56 p.m.6 views

CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:56 p.m.6 views

EEF-CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

Summary Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote...

9.2CVSS6.5AI score0.00573EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.31 views

CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS0.00348EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:55 p.m.7 views

EEF-CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex,...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 9:55 p.m.5 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.34 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 9:55 p.m.19 views

CVE-2026-48599

This CVE affects elixir-grpc/grpc (HTTP transcoding) where path-bound fields can be overridden by attacker-controlled values due to Map.merge/2 precedence in Elixir.GRPC.Server.Transcode:map_request/5. The underlying issue allows an authenticated attacker to access or modify resources of other us...

7.6CVSS5.4AI score0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 9:55 p.m.6 views

CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.35 views

CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:55 p.m.4 views

EEF-CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read\full\body/3...

8.7CVSS5.4AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 9:55 p.m.13 views

CVE-2026-48854

The CVE-2026-48854 affects the elixir-grpc/grpc project. The vulnerability resides in Elixir.GRPC.Server.Adapters.Cowboy.Handler:read_full_body/3, which accumulates every received chunk into a growing binary with no size cap. If the grpc-timeout header is omitted, per-chunk read timeouts resolve ...

8.7CVSS5.4AI score0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49533

Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...

9.2CVSS6.3AI score0.00573EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-49535

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.4.0 through 0.9.x Description Improper handling of highly compressed data in the GRPC.Compressor.Gzip and GRPC.Message modules allows a denial of service via a gzip decompression bomb. The function decompress/1 in...

8.7CVSS5.3AI score0.00348EPSS
Exploits0References8
Rows per page
Query Builder