PT-2018-9599 · Elixir · Plug

Publicado

2018-12-20

Atualizado

2022-04-12

CVE-2018-1000883

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Elixir Plug Plug versions prior to 1.0.6 Elixir Plug Plug versions prior to 1.1.9 Elixir Plug Plug versions prior to 1.2.5 Elixir Plug Plug versions prior to 1.3.5

Description: The issue is related to a Header Injection vulnerability in the Connection component. This can be exploited by crafting a specific value to be sent as a cookie, allowing headers to be added. The vulnerability appears to be exploitable via sending a crafted cookie value.

Recommendations: For versions prior to 1.0.6, update to version 1.0.6 or later. For versions prior to 1.1.9, update to version 1.1.9 or later. For versions prior to 1.2.5, update to version 1.2.5 or later. For versions prior to 1.3.5, update to version 1.3.5 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-1000883

GHSA-9H73-W7CH-RH73

Produtos afetados

Plug

PT-2018-9599 · Elixir · Plug

CVE-2018-1000883

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6