CVE-2018-1000883

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000883

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000883.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000883

Aliases

GHSA-9h73-w7ch-rh73

Published

2018-12-20T21:29:00.290Z

Modified

2026-03-14T09:25:52.948865Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6.

References

Affected packages

Git / github.com/elixir-plug/plug

Affected ranges

Type

GIT

Repo

https://github.com/elixir-plug/plug

Events

Introduced

Last affected

1ee639a07b63a650ef83cae21b5d4fefa6617e09

Introduced

Last affected

5749300a2d663be09c6e7ff926b40e0373f7767f

Introduced

5749300a2d663be09c6e7ff926b40e0373f7767f

Fixed

fc6d04692323abd0bcc7531c95215ccdcff4211c

Fixed

8857f8ab4acf9b9c22e80480dae2636692f5f573

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.5"
        },
        {
            "introduced": "1.2.5"
        },
        {
            "fixed": "1.3.5"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000883.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "1.3.5"
            }
        ]
    }
]