Lucene search
K

5 matches found

OSV
OSV
added 2026/05/08 8:24 p.m.4 views

GHSA-628H-Q48J-JR6Q Phoenix: Long-poll NDJSON body splitting causes large memory allocation

Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent requests can be sufficient to let the node run out of memory. See also...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/05 5:31 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type: application/x-ndjson. A...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 5:31 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:17 p.m.5 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/05 3:17 p.m.7 views

EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
Rows per page
Query Builder