Vulnerabilities > CVE-2017-1000212 - Unspecified vulnerability in Alchemist-Elixir Alchemist-Server

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

alchemist-elixir

critical

NVD

Published: 2017-11-17

Updated: 2024-11-21

Summary

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.

Vulnerable Configurations

Part	Description	Count
Application	Alchemist-Elixir Alchemist Elixir Alchemist Server -	1

References

https://github.com/tonini/alchemist-server/issues/14
https://github.com/tonini/alchemist-server/issues/14