Peter Ullrich

**Name of the Vulnerable Software and Affected Versions** pragdave earmark versions 1.4.1 and later **Description** Improper neutralization of script in attributes in a web page allows stored cross-site scripting via unescaped HTML attribute values. The function ` make att1/2` in `lib/earmark/transform.ex` splices attribute values verbatim between double quotes. While text nodes are processed by an escape function that encodes double quotes as `"`, attribute values bypass this path. Consequently, a markdown link containing a double quote in the URL or title can close the attribute prematurely, allowing the browser to parse subsequent bytes as new HTML attributes and execute arbitrary JavaScript. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** grpc versions 0.3.1 through 0.9.x **Description** Unauthenticated attackers can exhaust the BEAM memory and crash the server by streaming a large or slow-trickle unary request body. The function `read full body/3` in 'Elixir.GRPC.Server.Adapters.Cowboy.Handler' accumulates every received chunk into a single growing binary without a size cap. Furthermore, if the client omits the `grpc-timeout` header, the per-chunk read timeout is set to infinity, enabling a slow-trickle client to maintain the connection indefinitely while memory consumption increases. A single connection is enough to exhaust server memory and crash the node. **Recommendations** Update to version 1.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** elixir-grpc versions 0.8.0 through 0.9.x **Description** Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in the `map request/5` function within `Elixir.GRPC.Server.Transcode` (lib/grpc/server/transcode.ex), where `Map.merge/2` is used with path bindings as the first argument, granting them the lowest merge precedence. Consequently, a request such as 'GET /users/me/profile?user id=victim' or a POST request containing `user id` in the body results in a decoded protobuf struct where the path-bound field is overwritten by the attacker-supplied value. This allows the bypass of handlers using these fields for authorization, ownership checks, or multi-tenancy scoping. This issue requires HTTP-to-gRPC transcoding to be enabled. **Recommendations** Update to version 1.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Elixir versions 1.5.0 through 1.20.0 **Description** Uncontrolled Resource Consumption in the standard library's Version module allows an attacker to cause a denial of service via CPU and memory exhaustion. The version parser converts numeric components to integers without bounding their length, forcing a super-linear, non-yielding base-10 to arbitrary-precision integer conversion through `String.to integer/1` (also known as `:erlang.binary to integer/1`). This process pins a BEAM scheduler, and larger components can trigger an uncaught `SystemLimitError` that crashes the calling process. A string of approximately one megabyte is sufficient to trigger this issue, and no authentication is required. The issue is reachable via the `parse digits/2` routine in `lib/version.ex` and public entry points including `Version.parse/1`, `Version.parse!/1`, `Version.match?/3`, `Version.compare/2`, and `Version.parse requirement/1`. **Recommendations** Update to version 1.20.1.

**Name of the Vulnerable Software and Affected Versions** elixir-grpc versions 0.4.0 through 0.9.x **Description** Improper handling of highly compressed data in the `GRPC.Compressor.Gzip` and `GRPC.Message` modules allows a denial of service via a gzip decompression bomb. The function `decompress/1` in `Elixir.GRPC.Compressor.Gzip` calls `:zlib.gunzip/1` on attacker-controlled bytes without a decompressed-size limit, ratio check, or incremental decoding. This occurs automatically when an incoming gRPC frame contains the `grpc-encoding: gzip` header. Since `:zlib.gunzip/1` allocates the entire decompressed result as a single binary, a small, highly compressible payload can expand to multiple gigabytes, exhausting the BEAM node's heap and triggering an out-of-memory kill. The `max receive message length` limit is ineffective as it is only enforced after decompression. This can be exploited by an unauthenticated remote peer using the `from data/2` function in `Elixir.GRPC.Message`. **Recommendations** Update to version 1.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** cowlib versions 2.9.0 and later **Description** Improper neutralization of CRLF sequences in HTTP headers allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. The function `escape string/2` in `cow http struct hd` only escapes backslashes and double quotes, passing other bytes verbatim. This creates an asymmetry where the parser accepts only printable ASCII, but the encoder emits any byte, including Carriage Return (CR) and Line Feed (LF). An application building a structured HTTP header via `item/1` in `cow http struct hd` (or wrappers like `wt protocol/1` in `cow http hd`) using attacker-controlled input can have CRLF sequences injected. These sequences terminate the current header, causing subsequent bytes to be interpreted as a new header. **Recommendations** For versions 2.9.0 and later, validate all values passed into structured-fields header builders, such as `item/1` in `cow http struct hd`, and reject any values containing CR or LF bytes or those not from a trusted source. As a temporary mitigation, restrict the use of attacker-controlled data within the `item/1` function of `cow http struct hd`.

**Name of the Vulnerable Software and Affected Versions** wojtekmach Req versions 0.5.3 through 0.5.9 **Description** Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows multipart parameter smuggling through attacker-influenced part metadata. The function `encode form part/2` in `lib/req/utils.ex` constructs per-part headers by interpolating the `name`, `filename`, and `content type` values directly into the content-disposition and content-type lines without escaping or stripping Carriage Return (CR) and Line Feed (LF) characters. A value containing quotes, `r`, or ` ` can close the quoted value and start a new header line. Furthermore, adding `r --<boundary>` can terminate the current part and prepend a smuggled part. This is especially accessible when the value is a `%File.Stream{}`, as the `filename` defaults to `Path.basename(stream.path)`, and POSIX filenames may contain `r` and ` `. Applications forwarding user-controlled filenames, field names, or MIME types through `Req.post/2` with `form multipart:` enable attackers to inject arbitrary headers or smuggle additional fields and parts into requests sent to downstream services. **Recommendations** Update to version 0.6.0. Sanitize attacker-influenced `name`, `filename`, and `content type` values before passing them to `Req.post/2` with `form multipart:` by rejecting or stripping any value containing `r`, ` `, or quotes. When forwarding uploads, derive the `filename` from a normalized string instead of using `Path.basename/1` on a user-controlled path.

**Name of the Vulnerable Software and Affected Versions** gun versions 2.0.0 through 2.3.x **Description** An issue in the `gun http` module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the `handle inform/8` function, the software verifies the syntax of the Upgrade header and the stream reference but fails to check if the client actually requested an upgrade via Upgrade or Connection: upgrade headers. Consequently, any 101 response triggers a `gun upgrade` message and transitions the connection to raw protocol mode. In this mode, `gun raw` disables flow control and re-arms socket active mode after every packet, enabling a server to flood the client with arbitrary bytes. These are forwarded as unbounded `gun data` messages, which can exhaust the owner process mailbox and BEAM memory, leading to a virtual machine crash. **Recommendations** Update to version 2.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** wojtekmach Req versions 0.1.0 through 0.6.0 **Description** Improper handling of highly compressed data allows attacker-controlled HTTP servers to exhaust memory in a client via decompression-bomb response bodies. The default response pipeline includes the functions `decode body()` and `decompress body()`. The `decode body()` function processes the server-supplied content-type and calls `:zip.extract(body, [:memory])` for application/zip, `:erl tar.extract({:binary, body}, [:memory])` for application/x-tar, and `:erl tar.extract({:binary, body}, [:memory, :compressed])` for application/gzip or .tgz. These operations return the full decompressed archive contents in memory without a total size cap. Additionally, `decompress body()` chains `:zlib`, `:brotli`, and `:ezstd` decoders based on the content-encoding header, allowing responses to inflate through multiple layers without bound. Since these steps are enabled by default, a small response can expand to multiple gigabytes, crashing the BEAM process. **Recommendations** Update to version 0.6.1. As a temporary workaround, disable automatic body decoding by passing `decode body: false` to `Req.new()` or `Req.get!()` for requests fetching attacker-influenced URLs. To skip the content-encoding decompression pipeline, pass `raw: true` to ensure the response body remains as raw bytes for size-checking before decompression.

**Name of the Vulnerable Software and Affected Versions** ninenines gun versions 1.0.0 through 2.3.x **Description** Uncontrolled Resource Consumption in the `gun http` module allows a malicious server to exhaust client memory through unbounded HTTP/1.1 response buffering. In the `handle()/5` function, three clauses accumulate incoming TCP data into the connection's buffer using binary concatenation without an upper-bound check. Specifically, the head clause appends data until the header terminator is found, the `body chunked` clause appends data when `cow http te:stream chunked()/2` indicates an incomplete chunk boundary, and the `body trailer` clause appends data until the trailing terminator is found. If the expected terminator never arrives, the binary grows indefinitely in the state. A malicious server can exploit this by sending a partial response that never completes, leading to unbounded heap growth. Since BEAM does not impose per-process heap limits by default, a single connection can exhaust all available memory on the node, resulting in a node-wide out-of-memory crash. **Recommendations** Update to version 2.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** ninenines gun versions 2.0.0 through 2.3.x **Description** An origin validation error in the `gun http2` module allows cross-origin cookie injection through an unvalidated HTTP/2 PUSH PROMISE authority. In the `push promise frame()` function, the `:authority` pseudo-header from an incoming PUSH PROMISE frame is stored in the promised stream record without verifying that it matches the connection origin. Subsequently, the `headers frame()` function calls `set cookie header()` using this unvalidated authority. This behavior violates protocol standards that require receivers to treat pushes for resources the server is not authoritative for as protocol errors. A malicious or compromised HTTP/2 server can use this to plant cookies for arbitrary third-party domains in the client's shared cookie store, potentially leading to session fixation or account takeover. This is exploitable when the software is configured with a `cookie store` and connects to an HTTP/2 server with server push enabled. **Recommendations** Update to version 2.4.0 or later. As a temporary mitigation, avoid connecting to HTTP/2 servers with server push enabled or disable the `cookie store` configuration.

**Name of the Vulnerable Software and Affected Versions** mint versions 0.2.0 through 1.8.x **Description** An issue exists where attacker-controlled HTTP/2 servers can exhaust memory in a client via PUSH PROMISE flooding. In the file lib/mint/http2.ex, the function `decode push promise headers and add response/5` inserts a `:reserved remote` entry into `conn.streams` for every promised stream ID. The function `assert valid promised stream id/2` only verifies that the promised ID is even and not already present, failing to consult `client settings.max concurrent streams` at the time of the promise. Because the concurrency cap is only checked when response HEADERS arrive, a server that sends PUSH PROMISE frames but withholds the matching HEADERS can pin entries in `conn.streams` without an upper bound, leading to memory exhaustion. This is possible because HTTP/2 server push is enabled by default via `client settings.enable push`. **Recommendations** Update to version 1.9.0 or later. As a temporary workaround, disable HTTP/2 server push on connections to untrusted servers by passing `client settings: [enable push: false]` to the `connect/4` function.

**Name of the Vulnerable Software and Affected Versions** tesla versions 1.4.0 through 1.18.2 **Description** Improper handling of case sensitivity in the `Tesla.Middleware.FollowRedirects` middleware allows credential leakage to third-party origins during cross-origin redirects. The system uses a case-sensitive string comparison against a lowercase filter list containing `authorization` and `host` to strip security-sensitive headers. However, because HTTP header names are case-insensitive per RFC 7230 and Tesla preserves header keys verbatim, headers using canonical casing, such as `Authorization`, do not match the lowercase filter and are forwarded to the redirect destination. An attacker capable of influencing a `Location:` response can capture bearer tokens or other authorization material. **Recommendations** Update to version 1.18.3. Normalize all header keys to lowercase before passing them to the software, specifically using `authorization` instead of `Authorization` when setting headers via `Tesla.put header/3` or `Tesla.Middleware.Headers`.

**Name of the Vulnerable Software and Affected Versions** mint versions 0.1.0 through 1.8.x **Description** Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Request Splitting and HTTP Request Smuggling. In the `encode request line/2` function within `lib/mint/http1/request.ex`, the `method` and `target` arguments are spliced directly into the HTTP/1 request line without character validation. Applications forwarding attacker-controlled input as the HTTP method or target to the `Mint.HTTP.request/5` function are exposed to request-line CRLF injection. This enables an attacker to terminate the request line prematurely, inject arbitrary headers, and smuggle a separate pipelined HTTP request over the same TCP connection. While the `validate request target/2` function introduced in version 1.7.0 rejects CRLF and control characters in the `target` by default, the `method` field remains unvalidated across all versions. **Recommendations** Update to version 1.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** tesla versions 0.8.0 through 1.18.2 **Description** Improper Neutralization of CRLF Sequences in HTTP Headers, also known as HTTP Request/Response Splitting, allows HTTP header injection. The function `add content type param/2` within the `Tesla.Multipart` module appends caller-supplied strings to the `content type params` list without validating for Carriage Return (`r`) or Line Feed (` `) characters. Subsequently, the `headers/1` function in `Tesla.Multipart` joins these parameters verbatim to construct the outgoing Content-Type header. If a parameter contains `r `, it splits the header line, enabling the injection of arbitrary headers into the outbound HTTP request. This occurs when an application forwards untrusted input, such as a user-supplied charset or parameter string, into the `add content type param/2` function. **Recommendations** Update to version 1.18.3 or later. As a temporary workaround, validate content-type parameter strings before passing them to the `add content type param/2` function, rejecting any value that contains `r` or ` `.

**Name of the Vulnerable Software and Affected Versions** mint versions 0.1.0 through 1.8.x **Description** An inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections. The issue occurs because the HTTP/1 Content-Length parser, specifically the `content length header/1` function in `lib/mint/http1/parse.ex`, uses `Integer.parse/1` to process header values. This allows optional plus (+) or minus (-) sign prefixes; while negative values are rejected, inputs like `+0` or `+123` are accepted as valid lengths, contradicting RFC 7230 which permits only digits. A fronting proxy or load balancer enforcing strict grammar may reject or reframe such headers while Mint treats them as valid. When sockets are reused via keep-alive, pipelining, or pooled connections shared across requesters, this disagreement allows bytes from one response to be attributed to the next, potentially leaking data into a different consumer's response stream if the connection is shared across trust boundaries. **Recommendations** Update to version 1.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** elixir-mint versions 0.1.0 through 1.8.x **Description** An issue exists where attacker-controlled HTTP/2 servers can cause memory exhaustion in a client. This occurs because the HTTP/2 receive path does not cap the accumulator when a HEADERS frame is observed without the END HEADERS flag. Subsequent CONTINUATION frames are appended to `conn.headers being processed` without per-stream size limits or frame-count limits. Additionally, `max header list size` is only enforced on outgoing requests and not on inbound header blocks. A malicious server can stream an endless sequence of CONTINUATION frames, driving the client's iolist to an arbitrary size, which leads to memory exhaustion and BEAM process death. **Recommendations** Update to version 1.9.0 or later. Restrict connections to untrusted servers to HTTP/1 by passing `protocols: [:http1]` to the `Mint.HTTP.connect/4` function to avoid the vulnerable HTTP/2 receive path.

**Name of the Vulnerable Software and Affected Versions** tesla versions 0.8.0 through 1.18.2 **Description** Improper encoding or escaping of output allows multipart part header injection through unescaped `Content-Disposition` parameter values. The function `part headers for disposition()` interpolates disposition parameters without validating carriage return (`r`), line feed (` `), or double-quote characters. These values are received from the caller via `add field()` (the `name` parameter), `add file()` (the `filename` parameter), and `add file content()` (the `filename` parameter and other disposition options). A double-quote character can close a quoted parameter prematurely, while `r ` sequences can terminate the `Content-Disposition` header to start a new forged header or end the header block to prepend bytes to the part body. Additionally, the default filename path in `add file()` uses `Path.basename()`, which does not strip carriage returns or line feeds. **Recommendations** Update to version 1.18.3. Validate disposition parameter values before passing them to `add field()`, `add file()`, or `add file content()`, rejecting any value containing `r`, ` `, or double-quotes.

**Name of the Vulnerable Software and Affected Versions** tesla versions 0.6.0 through 1.18.2 **Description** Improper handling of highly compressed data allows a denial of service via a decompression bomb in HTTP response bodies. When `Tesla.Middleware.DecompressResponse` or `Tesla.Middleware.Compression` is included in a middleware pipeline, response bodies are decompressed eagerly without a size limit. Specifically, the `decompress body/2` function passes the entire response body to `:zlib.gunzip/1` or `:zlib.unzip/1` without capping the output size. Furthermore, the `compression algorithms/1` function splits the `content-encoding` header on commas, and `decompress body/2` recurses for each token. A server providing multiple gzip layers in the `content-encoding` header can cause exponential amplification, where a small payload inflates to gigabytes of BEAM heap, exhausting memory and crashing or freezing the process. **Recommendations** Update to version 1.18.3. As a temporary workaround, avoid including `Tesla.Middleware.DecompressResponse` or `Tesla.Middleware.Compression` in the Tesla middleware pipeline.

**Name of the Vulnerable Software and Affected Versions** tesla versions 1.3.0 through 1.18.2 **Description** An issue in Tesla.Adapter.Mint allows for a denial of service via atom table exhaustion. The function `open conn/2` converts the URL scheme of outgoing requests into a BEAM atom using `String.to atom(uri.scheme)` without allow-list validation. BEAM atoms are permanent entries that are not garbage-collected and are limited to a bounded table of approximately 1,048,576 entries. An attacker capable of influencing the request URL—through application-level URL-forwarding features like webhooks, proxies, or importers, or via a Location header when `Tesla.Middleware.FollowRedirects` is active—can create a new atom for each request by varying the scheme string. Once the atom table is full, the virtual machine crashes, resulting in a complete application shutdown. **Recommendations** Update to version 1.18.3.