Vulnerabilities > CVE-2017-1000212 - Unspecified vulnerability in Alchemist-Elixir Alchemist-Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

alchemist-elixir

NVD

Published: 2017-11-17

Updated: 2019-10-03

Summary

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.

Vulnerable Configurations

Part	Description	Count
Application	Alchemist-Elixir Alchemist Elixir Alchemist Server -	1

References

https://github.com/tonini/alchemist-server/issues/14