Oidcc · CVE-2024-31209
**Name of the Vulnerable Software and Affected Versions**
oidcc versions prior to 3.0.2
oidcc versions prior to 3.1.2
oidcc versions prior to 3.2.0-beta.3
**Description**
A Denial of Service (DoS) by atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue is unlikely to be exploited, since the name is usually provided as a static value in the application using `oidcc`. The vulnerability is present in `oidcc_provider_configuration_worker:get_ets_table_name/1`, where the function `get_ets_table_name` calls `erlang:list_to_atom/1`. There is a highly improbable case where the second argument of `oidcc_provider_configuration_worker:get_*/1` is passed a different atom each time, leading to the atom table filling up and the node crashing.
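The following Erlang module is an added illustration of the pattern described above and of one way to close it; it is not oidcc's own code, and the module, function and worker names (`atom_safe_names`, `start_table/1`, `lookup_table_unsafe/1`, `lookup_table_safe/1`, `my_provider`) are invented for this example. It assumes the usual arrangement where a worker derives an ETS table name from its registered name: the derivation with `list_to_atom/1` is the vulnerable form, and `list_to_existing_atom/1` is one hardened form, because it can only resolve atoms that were already created when a worker was started.

```erlang
%% Added illustration (not oidcc's own code) of atom exhaustion through a
%% caller-supplied worker name, and a hardened lookup that cannot allocate.
-module(atom_safe_names).
-export([start_table/1, lookup_table_unsafe/1, lookup_table_safe/1, demo/0]).

%% Called once at worker start with the static worker name taken from the
%% application configuration. Creating the atom here is fine: it happens a
%% bounded number of times, once per configured worker.
start_table(WorkerName) when is_atom(WorkerName) ->
    TableName = list_to_atom(atom_to_list(WorkerName) ++ "_table"),
    case ets:whereis(TableName) of
        undefined -> ets:new(TableName, [named_table, public]);
        _Tid -> ok
    end,
    TableName.

%% Vulnerable pattern: a new atom is created for every distinct name the
%% caller passes. Atoms are never garbage collected, so an unbounded stream
%% of distinct names fills the atom table (default limit 1,048,576 entries)
%% and the node crashes.
lookup_table_unsafe(WorkerName) when is_atom(WorkerName) ->
    list_to_atom(atom_to_list(WorkerName) ++ "_table").

%% Hardened pattern: only resolve names whose table atom already exists,
%% i.e. exactly the set created by start_table/1. list_to_existing_atom/1
%% raises badarg for anything else, so an unknown name never allocates.
lookup_table_safe(WorkerName) when is_atom(WorkerName) ->
    try
        {ok, list_to_existing_atom(atom_to_list(WorkerName) ++ "_table")}
    catch
        error:badarg -> {error, {unknown_worker, WorkerName}}
    end.

%% Shows that the safe lookup leaves the atom table unchanged for an unknown
%% name, while the unsafe lookup grows it by one atom.
%% Returns {ok, SafeDelta, UnsafeDelta} = {ok, 0, 1}.
demo() ->
    my_provider_table = start_table(my_provider),
    {ok, my_provider_table} = lookup_table_safe(my_provider),
    Before = erlang:system_info(atom_count),
    {error, {unknown_worker, not_a_worker}} = lookup_table_safe(not_a_worker),
    SafeDelta = erlang:system_info(atom_count) - Before,
    not_a_worker_table = lookup_table_unsafe(not_a_worker),
    UnsafeDelta = erlang:system_info(atom_count) - Before,
    {ok, SafeDelta, UnsafeDelta}.
```

Compile with `erlc atom_safe_names.erl` and run `atom_safe_names:demo().` in an `erl` shell; `erlang:system_info(atom_count)` is available from OTP 20 and `ets:whereis/1` from OTP 21. Note that the hardened lookup only protects the derived table name: if the worker name itself is produced from untrusted input with `binary_to_atom/2` upstream, the atom has already been allocated by the caller, which is why the advisory's workaround is to pass only static, known worker names.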
**Recommendations**
For oidcc versions prior to 3.0.2, update to version 3.0.2 or later.
For oidcc versions prior to 3.1.2, update to version 3.1.2 or later.
For oidcc versions prior to 3.2.0-beta.3, update to version 3.2.0-beta.3 or later.
As a temporary workaround, make sure only valid provider configuration worker names are passed to the functions `oidcc_provider_configuration_worker:get_provider_configuration/1` and `oidcc_provider_configuration_worker:get_jwks/1`.