CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000883

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.2%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

Products affected by CVE-2018-1000883

Plug Project » Plug » Version: 1.1.0

cpe:2.3:a:plug_project:plug:1.1.0
Plug Project » Plug » Version: 1.1.1

cpe:2.3:a:plug_project:plug:1.1.1
Plug Project » Plug » Version: 1.1.2

cpe:2.3:a:plug_project:plug:1.1.2
Plug Project » Plug » Version: 1.1.3

cpe:2.3:a:plug_project:plug:1.1.3
Plug Project » Plug » Version: 1.1.4

cpe:2.3:a:plug_project:plug:1.1.4
Plug Project » Plug » Version: 1.1.5

cpe:2.3:a:plug_project:plug:1.1.5
Plug Project » Plug » Version: 1.1.6

cpe:2.3:a:plug_project:plug:1.1.6
Plug Project » Plug » Version: 1.1.7

cpe:2.3:a:plug_project:plug:1.1.7
Plug Project » Plug » Version: 1.1.8

cpe:2.3:a:plug_project:plug:1.1.8
Plug Project » Plug » Version: 1.1.9

cpe:2.3:a:plug_project:plug:1.1.9
Plug Project » Plug » Version: 1.2.0

cpe:2.3:a:plug_project:plug:1.2.0
Plug Project » Plug » Version: 1.2.1

cpe:2.3:a:plug_project:plug:1.2.1
Plug Project » Plug » Version: 1.2.2

cpe:2.3:a:plug_project:plug:1.2.2
Plug Project » Plug » Version: 1.2.3

cpe:2.3:a:plug_project:plug:1.2.3
Plug Project » Plug » Version: 1.2.4

cpe:2.3:a:plug_project:plug:1.2.4
Plug Project » Plug » Version: 1.2.5

cpe:2.3:a:plug_project:plug:1.2.5
Plug Project » Plug » Version: 1.2.6

cpe:2.3:a:plug_project:plug:1.2.6
Plug Project » Plug » Version: 1.3.0

cpe:2.3:a:plug_project:plug:1.3.0
Plug Project » Plug » Version: 1.3.1

cpe:2.3:a:plug_project:plug:1.3.1
Plug Project » Plug » Version: 1.3.2

cpe:2.3:a:plug_project:plug:1.3.2
Plug Project » Plug » Version: 1.3.3

cpe:2.3:a:plug_project:plug:1.3.3
Plug Project » Plug » Version: 1.3.4

cpe:2.3:a:plug_project:plug:1.3.4
Plug Project » Plug » Version: 1.3.5

cpe:2.3:a:plug_project:plug:1.3.5
Plug Project » Plug » Version: 1.3.6

cpe:2.3:a:plug_project:plug:1.3.6
Plug Project » Plug » Version: 1.4.0

cpe:2.3:a:plug_project:plug:1.4.0
Plug Project » Plug » Version: 1.4.1

cpe:2.3:a:plug_project:plug:1.4.1
Plug Project » Plug » Version: 1.4.2

cpe:2.3:a:plug_project:plug:1.4.2
Plug Project » Plug » Version: 1.4.3

cpe:2.3:a:plug_project:plug:1.4.3
Plug Project » Plug » Version: 1.4.4

cpe:2.3:a:plug_project:plug:1.4.4
Plug Project » Plug » Version: 1.4.5

cpe:2.3:a:plug_project:plug:1.4.5
Plug Project » Plug » Version: 1.5.0

cpe:2.3:a:plug_project:plug:1.5.0
Plug Project » Plug » Version: 1.5.1

cpe:2.3:a:plug_project:plug:1.5.1
Plug Project » Plug » Version: 1.6.0

cpe:2.3:a:plug_project:plug:1.6.0
Plug Project » Plug » Version: 1.6.1

cpe:2.3:a:plug_project:plug:1.6.1
Plug Project » Plug » Version: 1.6.2

cpe:2.3:a:plug_project:plug:1.6.2
Plug Project » Plug » Version: 1.6.3

cpe:2.3:a:plug_project:plug:1.6.3
Plug Project » Plug » Version: 1.6.4

cpe:2.3:a:plug_project:plug:1.6.4
Plug Project » Plug » Version: 1.7.0

cpe:2.3:a:plug_project:plug:1.7.0
Plug Project » Plug » Version: 1.7.1

cpe:2.3:a:plug_project:plug:1.7.1
Plug Project » Plug » Version: 1.7.2

cpe:2.3:a:plug_project:plug:1.7.2
Plug Project » Plug » Version: 1.8.0

cpe:2.3:a:plug_project:plug:1.8.0
Plug Project » Plug » Version: 1.8.1

cpe:2.3:a:plug_project:plug:1.8.1
Plug Project » Plug » Version: 1.8.2

cpe:2.3:a:plug_project:plug:1.8.2
Plug Project » Plug » Version: 1.8.3

cpe:2.3:a:plug_project:plug:1.8.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000883

Products

Pricing

Contact Us