Lucene search
K

8 matches found

Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS
Exploits0References7
OSV
OSV
added 2026/05/08 8:24 p.m.4 views

GHSA-628H-Q48J-JR6Q Phoenix: Long-poll NDJSON body splitting causes large memory allocation

Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent requests can be sufficient to let the node run out of memory. See also...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/05 5:31 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type: application/x-ndjson. A...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 5:31 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:17 p.m.5 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 3:17 p.m.9 views

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 3:17 p.m.8 views

EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37059

Name of the Vulnerable Software and Affected Versions phoenix versions 1.7.0 through 1.7.21 phoenix version 1.8.6 Description An issue in the long-poll transport's NDJSON body handling allows a denial of service. In the publish/4 function of Elixir.Phoenix.Transports.LongPoll, POST requests with...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References9
Rows per page
Query Builder