VYPR

Hex (Elixir) package

pow_assent

pkg:hex/pow_assent

Vulnerabilities (1)

  • CVE-2019-16764Nov 25, 2019
    affected < 0.4.4fixed 0.4.4

    The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to fetc