288 matches found
CVE-2020-15150
There is a vulnerability in the Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...
Remote code execution
There is a vulnerability in the Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...
CVE-2020-15150
CVE-2020-15150 affects the Paginator Elixir/Hex package. The vulnerability allows Remote Code Execution via input parameters to the paginate() function, potentially impacting all users before version 1.0.0. A fix is available in version 1.0.0, which requires Elixir >= 1.5. The connected docume...
CVE-2020-15150 Remote Code Execution in paginator(hex)
There is a vulnerability in the Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...
CVE-2019-15160
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...
CVE-2019-15160
The CVE-2019-15160 entry concerns the SweetXml (aka sweet_xml) package for Erlang and Elixir, affected through version 0.6.6. The root cause is an XML entity expansion (XML bomb) vulnerability involving an inline DTD, which allows an attacker to cause resource consumption leading to denial of ser...
Code injection
Elixir Plug (all versions) contains a Header Injection vulnerability in Connection: given a cookie value, headers can be added. This attack appears to be exploitable by crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 o...
CVE-2018-1000883
Elixir Plug (all versions) contains a Header Injection vulnerability in Connection: given a cookie value, headers can be added. This attack appears to be exploitable by crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 o...
CVE-2018-1000883
CVE-2018-1000883 affects the Elixir Plug library: a header injection in Connection can occur when a cookie value is crafted, allowing header manipulation. Mitigation: fixed in >= 1.3.5 or ~> 1.2.5, ~> 1.1.9, or ~> 1.0.6.
Remote code execution
Elixir's Vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code...
CVE-2017-1000212
Elixir's Vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code...
CVE-2017-1000212
CVE-2017-1000212 affects the Elixir Vim plugin alchemist.vim, specifically the bundled alchemist-server. A malicious website can send requests to an ephemeral localhost port, which are then evaluated as Elixir code, enabling remote code execution. The issue is documented with high/critical CVSS m...
Elixir Plug Arbitrary Code Execution Vulnerability
Elixir Plug is a library for developing web applications based on the Erlang VM. An arbitrary code execution vulnerability exists in the deserialization function of Plug.Session in Elixir Plug. A remote attacker can exploit this vulnerability to execute arbitrary code...
Elixir Plug Plug.Static Component Security Bypass Vulnerability
Elixir Plug is a library for developing web applications based on the Erlang VM. Plug.Static is one of its static components. A security vulnerability exists in the Plug.Static component of Elixir Plug. A local attacker can exploit this vulnerability to bypass file type restrictions...