VYPR

Plug

by Elixir Plug

Source repositories

CVEs (2)

  • CVE-2026-8468HigMay 14, 2026
    risk 0.46cvss epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex does not obey its :length parameter. There…

  • CVE-2026-54892Jun 23, 2026
    risk 0.00cvss epss 0.01

    Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded request bodies. When…