plug

Hex4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting plugpage 1 of 1

CVE-2017-1000052HIGHCVSS 7.8EG 7.8✓ Fixed in 1.3.2
2017-07-17
vulnerable: 1.3.0, 1.3.1
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
CVE-2017-1000053HIGHCVSS 8.1EG 8.1✓ Fixed in 1.3.2
2017-07-17
vulnerable: 1.3.0, 1.3.1
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
CVE-2018-1000883MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.3.5
2018-12-20
vulnerable: 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vuln…
CVE-2026-8468HIGHCVSS 8.2EG 8.2✓ Fixed in 1.19.2
2026-05-14
vulnerable: 1.19.0, 1.19.1
Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex doe…

Check whether plug is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for plug CVEs against the assets you own.

Start Free Scan →