VYPR

Hex (Elixir) package

phoenix

pkg:hex/phoenix

Vulnerabilities (3)

  • CVE-2026-32689 | High | May 5, 2026
    affected >= 1.7.0, < 1.7.22; fixed 1.7.22

    Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: app

  • CVE-2022-42975 | Oct 17, 2022
    affected < 1.6.14; fixed 1.6.14

    socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.

  • CVE-2017-1000163 | Medium | Nov 17, 2017
    affected < 1.0.6; fixed 1.0.6

    The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.