PT-2026-25321 · Hexpm+2 · Hex.Pm+1

Jzakharia1 · Published 2026-03-13 · Updated 2026-03-14 · CVE-2026-23940

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

hexpm versions prior to 495f01607d3eae4aed7ad09b2f54f31ec7a7df01
hex.pm versions prior to 2026-03-10

Description

An uncontrolled resource consumption issue in hexpm allows for excessive allocation. Publishing an oversized package can cause Hex.pm to exhaust memory during the extraction of the uploaded package’s tarball. This can terminate the affected application instance, leading to a denial of service for package publishing and potentially other package-processing functionalities.

Recommendations

Versions prior to 495f01607d3eae4aed7ad09b2f54f31ec7a7df01 should be updated. Versions prior to 2026-03-10 should be updated.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-23940
GHSA-JP8W-GXF6-8HCR

Affected Products

Hex.Pm
Hexpm