
265 matches found

Cvelist
added 2020/09/01 4:30 p.m. (14 views)

CVE-2020-15150 Remote Code Execution in paginator(hex)

There is a vulnerability in Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...

CVSS: 9; AI score: 9.7; EPSS: 0.05375
Exploits: 0; References: 4

CVE
added 2020/09/01 4:30 p.m. (47 views)

CVE-2020-15150

CVE-2020-15150 affects the Paginator Elixir/Hex package. The vulnerability allows Remote Code Execution via input parameters to the paginate() function, potentially impacting all users before version 1.0.0. A fix is available in version 1.0.0, which requires Elixir >= 1.5. The connected docume...

CVSS: 9.8; AI score: 9.5; EPSS: 0.05375
Exploits: 0; References: 4; Affected Software: 1

OSV
added 2019/08/19 6:15 a.m. (11 views)

CVE-2019-15160

The SweetXml (aka sweetxml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...

CVSS: 7.5; AI score: 6.8
Exploits: 0; References: 2

NVD
added 2019/08/19 6:15 a.m. (8 views)

CVE-2019-15160

The SweetXml (aka sweetxml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...

CVSS: 7.5; AI score: 7.4; EPSS: 0.00334
Exploits: 1; References: 2

Cvelist
added 2019/08/19 5:40 a.m. (11 views)

CVE-2019-15160

The SweetXml (aka sweetxml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...

AI score: 7.4; EPSS: 0.00334
Exploits: 1; References: 2

CVE
added 2019/08/19 5:40 a.m. (43 views)

CVE-2019-15160

The CVE-2019-15160 entry concerns the SweetXml (aka sweet_xml) package for Erlang and Elixir, affected through version 0.6.6. The root cause is an XML entity expansion (XML bomb) vulnerability involving an inline DTD, which allows an attacker to cause resource consumption leading to denial of ser...

CVSS: 7.5; AI score: 7.4; EPSS: 0.00334
Exploits: 1; References: 2; Affected Software: 1

OSV
added 2018/12/20 9:29 p.m. (12 views)

CVE-2018-1000883

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appears to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 o...

CVSS: 6.5; AI score: 7.2
Exploits: 0; References: 2

Prion
added 2018/12/20 9:29 p.m. (8 views)

Code injection

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appears to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 o...

CVSS: 4.3; AI score: 6.7; EPSS: 0.0025
Exploits: 0; References: 2; Affected Software: 1

NVD
added 2018/12/20 9:29 p.m. (10 views)

CVE-2018-1000883

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appears to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 o...

CVSS: 6.5; AI score: 6.7; EPSS: 0.0025
Exploits: 0; References: 2

Cvelist
added 2018/12/20 8:0 p.m. (14 views)

CVE-2018-1000883

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appears to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 o...

AI score: 6.7; EPSS: 0.0025
Exploits: 0; References: 2

CVE
added 2018/12/20 8:0 p.m. (44 views)

CVE-2018-1000883

CVE-2018-1000883 affects Elixir Plug’s Plug library with a header-injection in Connection that can occur when crafting a cookie value, allowing header manipulation. Mitigation: fixed in >= 1.3.5 or ~>1.2.5, ~>1.1.9, or ~>1.0.6.

CVSS: 6.5; AI score: 6.6; EPSS: 0.0025
Exploits: 0; References: 2; Affected Software: 1

Prion
added 2017/11/17 3:29 p.m. (14 views)

Remote code execution

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...

CVSS: 7.5; AI score: 9.7; EPSS: 0.01872
Exploits: 0; References: 1

NVD
added 2017/11/17 3:29 p.m. (9 views)

CVE-2017-1000212

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...

CVSS: 9.8; AI score: 9.8; EPSS: 0.01872
Exploits: 0; References: 1

CVE
added 2017/11/17 3:0 p.m. (61 views)

CVE-2017-1000212

CVE-2017-1000212 affects the Elixir Vim plugin alchemist.vim, specifically the bundled alchemist-server. A malicious website can send requests to an ephemeral localhost port, which are then evaluated as Elixir code, enabling remote code execution. The issue is documented with high/critical CVSS m...

CVSS: 9.8; AI score: 9.8; EPSS: 0.01872
Exploits: 0; References: 1; Affected Software: 1

Cvelist
added 2017/11/17 3:0 p.m. (19 views)

CVE-2017-1000212

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...

AI score: 9.9; EPSS: 0.01872
Exploits: 0; References: 1

CNVD
added 2017/09/22 12:0 a.m. (3 views)

Elixir Plug Arbitrary Code Execution Vulnerability

Elixir Plug is a library for developing web applications based on Erlang VM. An arbitrary code execution vulnerability exists in the deserialization function of Plug.Session in Elixir Plug. A remote attacker can exploit this vulnerability to execute arbitrary code...

CVSS: 8.1; AI score: 8.4; EPSS: 0.01075
Exploits: 0; References: 1

CNVD
added 2017/09/22 12:0 a.m. (6 views)

Elixir Plug Plug.Static Component Security Bypass Vulnerability

Elixir Plug is a library for developing web applications based on Erlang VM. Plug.Static is one of the static components. A security vulnerability exists in the Plug.Static component of Elixir Plug. A local attacker can exploit this vulnerability to bypass file type restrictions...

CVSS: 7.8; AI score: 6.7; EPSS: 0.00246
Exploits: 0; References: 1

CNVD
added 2017/07/18 12:0 a.m. (3 views)

kitto denial of service vulnerability

kitto is an interactive dashboard framework written using Elixir. A security vulnerability exists in kitto's processing memory, allowing remote attackers to exploit the vulnerability to submit special requests and obtain sensitive information...

CVSS: 7.5; AI score: 7.6; EPSS: 0.00398
Exploits: 0; References: 1

NVD
added 2017/07/17 1:18 p.m. (19 views)

CVE-2017-1000053

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session...

CVSS: 8.1; AI score: 8.4; EPSS: 0.01075
Exploits: 0; References: 1

NVD
added 2017/07/17 1:18 p.m. (13 views)

CVE-2017-1000052

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...

CVSS: 7.8; AI score: 7.7; EPSS: 0.00246
Exploits: 0; References: 1