Vulnerabilities > CVE-2017-20166 - Unspecified vulnerability in Ecto Project Ecto 2.2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
- https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
- https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
- https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
- https://github.com/elixir-ecto/ecto/pull/2125
- https://github.com/elixir-ecto/ecto/pull/2125
- https://groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU
- https://groups.google.com/forum/#%21topic/elixir-ecto/0m4NPfg_MMU