plug is vulnerable to Inefficient Algorithmic Complexity
87
High Risk
Affected versions of Plug are vulnerable to a denial-of-service (DoS) issue because the nested parameter decoder processes deeply nested URL-encoded parameters with quadratic time complexity. A remote attacker can send a specially crafted request to consume excessive CPU resources and make a Plug-based application unresponsive without authentication.
You are affected if you are using a version that falls within the vulnerable range.
plug is vulnerable to Inefficient Algorithmic Complexity in versions 1.15.0 - 1.15.4, 1.16.0 - 1.16.3, 1.17.0 - 1.17.1, 1.18.0 - 1.18.2 and 1.19.0 - 1.19.2.
Upgrade the plug library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant