CVE-2017-1000052

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:04

Type Values Removed Values Added
References () https://elixirforum.com/t/security-releases-for-plug/3913 - Third Party Advisory () https://elixirforum.com/t/security-releases-for-plug/3913 - Third Party Advisory

Information

Published : 2017-07-17 13:18

Updated : 2024-11-21 03:04


NVD link : CVE-2017-1000052

Mitre link : CVE-2017-1000052

CVE.ORG link : CVE-2017-1000052


JSON object : View

Products Affected

plug_project

  • plug
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')