Plug Project: >> Plug >> 1.1.3 Security Vulnerabilities
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-12-20
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-07-17
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
CVSS Score
8.1
EPSS Score
0.012
Published
2017-07-17