CVE-2017-1000052

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-17 13:18

Updated : 2024-02-04 19:29


NVD link : CVE-2017-1000052

Mitre link : CVE-2017-1000052

CVE.ORG link : CVE-2017-1000052


JSON object : View

Products Affected

plug_project

  • plug
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')