Lucene search

MitreCVE-2017-1000053

HistoryJul 17, 2017 - 1:18 p.m.

CVE-2017-1000053

2017-07-1713:18:17

CWE-502

mitre

web.nvd.nist.gov

elixir

plug

v1.0.4

v1.1.7

v1.2.3

v1.3.2

arbitrary code execution

cve-2017-1000053

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.5%

JSON

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.

Affected configurations

Nvd

Node

plug_projectplugRange1.0.0–1.0.4

plug_projectplugRange1.1.0–1.1.7

plug_projectplugRange1.2.0–1.2.3

plug_projectplugRange1.3.0–1.3.2

VendorProductVersionCPE
plug_projectplug*cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
plug_project	plug	*	cpe:2.3:a:plug_project:plug::::::::

References

elixirforum.com/t/security-releases-for-plug/3913

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2017-1000053