An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS13OThtLTJ4cWctOWN2as06lw

Severity: Critical
EPSS: 0.05345% (0.8954 Percentile)

Remote Code Execution in paginator

Affected Packages | Affected Versions | Fixed Versions
hex:paginator | < 1.0.0 | 1.0.0
5 Dependent packages
48 Dependent repositories
4,152,808 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.5.0, 0.6.0

All unaffected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.2.0

Impact

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This potentially affects all users of Paginator versions prior to 1.0.0.

Patches

The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.

Credits

Thank you to Peter Stöckli.
