VYPR

Hex (Elixir) package

ash

pkg:hex/ash

Vulnerabilities (4)

  • CVE-2026-34593HigApr 2, 2026
    affected < 3.22.0fixed 3.22.0

    Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for any user-supplied binary string that starts with "Elixir.", before

  • CVE-2025-48044HigOct 17, 2025
    affected >= 3.6.3, < 3.7.1fixed 3.7.1

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before

  • CVE-2025-48043HigOct 10, 2025
    affected < 3.6.2fixed 3.6.2

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from p

  • CVE-2025-48042HigSep 7, 2025
    affected < 3.5.39fixed 3.5.39

    Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex an