pow

Hex2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting powpage 1 of 1

CVE-2020-5205MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.0.16
2020-01-09
vulnerable: 0.1.0-alpha ... 1.0.9 (31 versions)
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in …
CVE-2023-42446MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.0.34
2023-09-18
vulnerable: 1.0.14 ... 1.0.33 (20 versions)
Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are no…

Check whether pow is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for pow CVEs against the assets you own.

Start Free Scan →