3 matches found
CVE-2017-1000052
CVE-2017-1000052 affects Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2, where the Plug.Static component is vulnerable to a null byte injection that may allow bypassing filetype restrictions. The issue enables a local attacker to exploit the static file serving path, with impact described a...
CVE-2017-1000053
Elixir Plug prior to v1.0.4, v1.1.7, v1.2.3, and v1.3.2 is vulnerable to arbitrary code execution via deserialization in Plug.Session. The issue stems from the deserialization functions of Plug.Session, per CVE-2017-1000053. NVD notes a base score of 6.8 (MEDIUM) under CVSS2 and 8.1 (HIGH) under ...
CVE-2018-1000883
CVE-2018-1000883 is a header injection in the Connection component of the Elixir Plug library that can occur when crafting a cookie value, allowing header manipulation. Mitigation: fixed in >= 1.3.5 or ~> 1.2.5, ~> 1.1.9, or ~> 1.0.6.