Lucene search
K

8 matches found

CVE
CVE
added yesterday8 views

CVE-2026-56811

The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...

8.7CVSS5.9AI score
Exploits0References7
EUVD
EUVD
added 2026/05/08 8:24 p.m.17 views

EUVD-2026-27339

Phoenix: Long-poll NDJSON body splitting causes large memory allocation...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/08 8:24 p.m.16 views

Phoenix: Long-poll NDJSON body splitting causes large memory allocation

Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent requests can be sufficient to let the node run out of memory. See also...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.13 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 4:16 p.m.25 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS0.00469EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 3:17 p.m.49 views

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS0.00469EPSS
Exploits0References5
CVE
CVE
added 2026/05/05 3:17 p.m.15 views

CVE-2026-32689

CVE-2026-32689 affects Phoenix (Elixir) LongPoll transport: in Elixir.Phoenix.Transports.LongPoll publish/4, a POST with Content-Type: application/x-ndjson is split by newline without a limit, turning a small payload into enormous lists of empty binaries and a second large list via Enum.map, caus...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2024/11/13 5:17 p.m.5 views

MAL-2024-10669 Malicious code in http-long-poll-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97d2b613846d6d46382d7e35948448e2562b6e56751ade4e47ddec292c2048c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder