Medium severity6.1NVD Advisory· Published Nov 17, 2017· Updated May 13, 2026
CVE-2017-1000163
CVE-2017-1000163
Description
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phoenixHex | < 1.0.6 | 1.0.6 |
phoenixHex | >= 1.1.0, < 1.1.8 | 1.1.8 |
phoenixHex | >= 1.2.0, < 1.2.3 | 1.2.3 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- elixirforum.com/t/security-releases-for-phoenix/4143nvdMitigationThird Party AdvisoryWEB
- github.com/advisories/GHSA-cmfh-8f8r-fj96ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1000163ghsaADVISORY
News mentions
0No linked articles in our index yet.