CVE-2020-15150
Remote Code Execution in paginator
EPSS: 5.4%
Published: 4/12/2022
Modified: 3/13/2026
Description
There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the `paginate()` function.

### Impact

This potentially affects all current users of `Paginator` on versions prior to 1.0.0.

### Patches

The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.

### Credits

Thank you to Peter Stöckli.
Affected packages (1)
- Hex/paginator: from 0, < 1.0.0
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-15150
- PATCH: https://github.com/duffelhq/paginator
- WEB: https://github.com/duffelhq/paginator/blob/ccf0f37fa96347cc8c8a7e9eb2c64462cec4b2dc/README.md#security-considerations
- WEB: https://github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d9ebf8
- WEB: https://github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj
- WEB: https://hex.pm/packages/paginator