High severity7.8NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-1000052

Description

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
plugHex	< 1.0.4	1.0.4
plugHex	>= 1.1.0, < 1.1.7	1.1.7
plugHex	>= 1.2.0, < 1.2.3	1.2.3
plugHex	>= 1.3.0, < 1.3.2	1.3.2

Affected products

Plug Project/Plug
cpe:2.3:a:plug_project:plug:*:*:*:*:*:*:*:*
Range: >=1.0.0,<1.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

elixirforum.com/t/security-releases-for-plug/3913nvdThird Party AdvisoryWEB
github.com/advisories/GHSA-2q6v-32mr-8p8xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-1000052ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000