Filtered by vendor Erlang
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25623 | 1 Erlang | 1 Erlang\/otp | 2024-11-21 | 7.5 High |
| Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | ||||
| CVE-2020-13802 | 1 Erlang | 1 Rebar3 | 2024-11-21 | 9.8 Critical |
| Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | ||||
| CVE-2019-1000014 | 1 Erlang | 1 Rebar3 | 2024-11-21 | N/A |
| Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0. | ||||
| CVE-2016-1000107 | 1 Erlang | 1 Erlang\/otp | 2024-11-21 | 6.1 Medium |
| inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | ||||