CVE-2017-1000053

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000053

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000053.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000053

Aliases

GHSA-5v4m-c73v-c7gq

Published

2017-07-17T13:18:17.627Z

Modified

2026-04-10T03:55:58.985550Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.

References

https://elixirforum.com/t/security-releases-for-plug/3913

Affected packages

Git / github.com/elixir-plug/plug

Affected ranges

Type

GIT

Repo

https://github.com/elixir-plug/plug

Events

Introduced

4b80fadc83707c5a583524f7bc2322a0540d134c

Fixed

af80b240b3e53a6ebf126aceafc905c8418c9ac9

Introduced

263f5ed01889611df8ecc25260e02091d095e9f3

Fixed

96fd47bbded5515e9bf0753332598666d3eb7ca8

Introduced

1b161d55dc383df6f9e44e08f8359a862ad70b6c

Fixed

9ae28a1b7896b7c816ea74cf5264ded53ff49fcf

Introduced

25eae222d0af1f70143efe90f1873f76f8f4db64

Fixed

3b76816c8d90fa07e226b6b0355eca58495c1556

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.0.4"
        },
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "1.1.7"
        },
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.3"
        },
        {
            "introduced": "1.3.0"
        },
        {
            "fixed": "1.3.2"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000053.json"