CVE-2017-1000052

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000052

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000052.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000052

Aliases

GHSA-2q6v-32mr-8p8x

Published

2017-07-17T13:18:17.593Z

Modified

2026-03-14T09:23:39.663030Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.

References

https://elixirforum.com/t/security-releases-for-plug/3913

Affected packages

Git / github.com/elixir-plug/plug

Affected ranges

Type

GIT

Repo

https://github.com/elixir-plug/plug

Events

Introduced

4b80fadc83707c5a583524f7bc2322a0540d134c

Fixed

af80b240b3e53a6ebf126aceafc905c8418c9ac9

Introduced

263f5ed01889611df8ecc25260e02091d095e9f3

Fixed

96fd47bbded5515e9bf0753332598666d3eb7ca8

Introduced

1b161d55dc383df6f9e44e08f8359a862ad70b6c

Fixed

9ae28a1b7896b7c816ea74cf5264ded53ff49fcf

Introduced

25eae222d0af1f70143efe90f1873f76f8f4db64

Fixed

3b76816c8d90fa07e226b6b0355eca58495c1556

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.0.4"
        },
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "1.1.7"
        },
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.3"
        },
        {
            "introduced": "1.3.0"
        },
        {
            "fixed": "1.3.2"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.2.0-rc.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000052.json"