Vulnerabilities > Plug Project

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1000883 Improper Input Validation vulnerability in Plug Project Plug
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added.
4.3
2017-07-17 CVE-2017-1000053 Deserialization of Untrusted Data vulnerability in Plug Project Plug
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
6.8
2017-07-17 CVE-2017-1000052 Injection vulnerability in Plug Project Plug
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
local
low complexity
plug-project CWE-74
4.6