CVE-2022-42975

Name of the Vulnerable Software and Affected Versions Phoenix versions prior to 1.6.14

Description The issue arises from the mishandling of check origin wildcarding in the socket/transport.ex file. This does not affect LiveView applications by default due to the presence of a LiveView CSRF token.

Recommendations For versions prior to 1.6.14, update to version 1.6.14 or later to resolve the issue. As a temporary workaround, consider reviewing and adjusting the check origin configuration to minimize potential risks until the update can be applied.