CVE-2020-15150
EPSS 5.4%
Remote Code Execution in paginator
Published: 2022/4/12
Modified: 2026/3/13
Description
There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the `paginate()` function.

### Impact

This will potentially affect all current users of `Paginator` prior to version 1.0.0.

### Patches

The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.

### Credits

Thank you to Peter Stöckli.
Affected packages (1)
- Hex/paginator: from 0, < 1.0.0
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-15150
- PATCH: https://github.com/duffelhq/paginator
- WEB: https://github.com/duffelhq/paginator/blob/ccf0f37fa96347cc8c8a7e9eb2c64462cec4b2dc/README.md#security-considerations
- WEB: https://github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d9ebf8
- WEB: https://github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj
- WEB: https://hex.pm/packages/paginator