8 matches found
CVE-2026-56811
The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...
EUVD-2026-27339
Phoenix: Long-poll NDJSON body splitting causes large memory allocation...
Phoenix: Long-poll NDJSON body splitting causes large memory allocation
Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent requests can be sufficient to let the node run out of memory. See also...
CVE-2026-32689
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
CVE-2026-32689
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
CVE-2026-32689
CVE-2026-32689 affects Phoenix (Elixir) LongPoll transport: in Elixir.Phoenix.Transports.LongPoll publish/4, a POST with Content-Type: application/x-ndjson is split by newline without a limit, turning a small payload into enormous lists of empty binaries and a second large list via Enum.map, caus...
MAL-2024-10669 Malicious code in http-long-poll-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97d2b613846d6d46382d7e35948448e2562b6e56751ade4e47ddec292c2048c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...