VYPR

Erlang\/inets

by Erlang

Source repositories

CVEs (4)

  • CVE-2026-28808CriApr 7, 2026
    risk 0.57cvss 9.8epss 0.01

    Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates…

  • CVE-2026-23941CriMar 13, 2026
    risk 0.54cvss 9.4epss 0.01

    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines…

  • CVE-2026-48858MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet, ftp_extension=false)…

  • CVE-2026-48856MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an…