Lucene search

K

Pow Security Vulnerabilities - February

cve
cve

CVE-2020-5205

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.

6.5CVSS

5.4AI Score

0.001EPSS

2020-01-09 02:15 AM
71
cve
cve

CVE-2023-42446

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire...

6.5CVSS

6.6AI Score

0.001EPSS

2023-09-18 10:15 PM
27