Moderate severityNVD Advisory· Published Jan 9, 2020· Updated Aug 4, 2024
Session fixation attack in Pow (Hex package)
CVE-2020-5205
Description
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
powHex | < 1.0.16 | 1.0.16 |
Affected products
2- Range: < 1.0.16
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-v2wf-c3j6-wpvwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-5205ghsaADVISORY
- github.com/danschultzer/pow/blob/master/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/danschultzer/pow/commit/578ffd3d8bb8e8a26077b644222186b108da474fghsax_refsource_MISCWEB
- github.com/danschultzer/pow/security/advisories/GHSA-v2wf-c3j6-wpvwghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.