plug is vulnerable to Denial of Service (DoS)
69
Medium Risk
Plug.Parsers.MULTIPART, the multipart request-body parser in the plug Elixir library that handles file uploads and multipart forms, does not charge its :length budget against file uploads. An unauthenticated remote attacker who can reach any multipart endpoint can send a single request composed of many empty-body file parts that stays well under the configured :length limit (8 MB by default), exhausting inodes and disk and growing memory (denial of service).
You are affected if you are using a version that falls within the vulnerable range.
plug is vulnerable to Denial of Service (DoS) in versions 0.1.0 - 1.16.5, 1.17.0 - 1.17.3, 1.18.0 - 1.18.4, 1.19.0 - 1.19.4 and 1.20.0 - 1.20.2.
Upgrade the plug library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant