CVE-2022-42975

描述

socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.

受影響套件(1)

• Hex/phoenixfrom 0, < 1.6.14

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-42975
• PATCHhttps://github.com/phoenixframework/phoenix
• WEBhttps://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae
• WEBhttps://hexdocs.pm/phoenix/1.6.14/changelog.html#1-6-14-2022-10-10