MGASA-2026-0196

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0196.html

Import Source

https://advisories.mageia.org/MGASA-2026-0196.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0196

Upstream

CVE-2026-21619

Published

2026-06-11T16:55:52Z

Modified

2026-06-11T17:00:04.838087366Z

Summary

Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability

Details

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore (hexapi modules), hexpm hex (mixhexapi modules), erlang rebar3 (r3hexapi modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl, src/mixhexapi.erl, apps/rebar/src/vendored/r3hexapi.erl and program routines hexcore:request/4, mixhexapi:request/4, r3hexapi:request/4. This issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before 2.3.2; rebar3: from 3.9.1 before 3.27.0.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / erlang-hex_core

Package

Name: erlang-hex_core
Purl: pkg:rpm/mageia/erlang-hex_core?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.1-2.1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0196.json"

Mageia:9 / erlang-rebar3

Package

Name: erlang-rebar3
Purl: pkg:rpm/mageia/erlang-rebar3?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0196.json"