Vulnerability Details CVE-2017-20166
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.8%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
- https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
- https://github.com/elixir-ecto/ecto/pull/2125
- https://groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU
- https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
- https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
- https://github.com/elixir-ecto/ecto/pull/2125
- https://groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU
Products affected by CVE-2017-20166
-
cpe:2.3:a:ecto_project:ecto:2.2.0