
Remote Code Execution in paginator

Critical severity GitHub Reviewed Published Aug 18, 2020 in duffelhq/paginator • Updated Jan 27, 2023

Package

erlang paginator (Erlang)

Affected versions

< 1.0.0

Patched versions

1.0.0

Description

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function.

Impact

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This potentially affects all users of Paginator on any version prior to 1.0.0.

Patches

The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires Elixir >= 1.5. When confirming the upgrade, check the resolved version recorded in mix.lock rather than only the requirement in mix.exs: a `~> 0.x` constraint permits versions below 1.0.0 only and will never pull in the fix.
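The advisory text does not describe the mechanism. The example below is an added illustration, not code from duffelhq/paginator, of the failure mode that "RCE via input parameters to paginate()" denotes in an Erlang/Elixir cursor-pagination library: an opaque cursor is decoded with :erlang.binary_to_term/1, which reconstructs any term the client sends, including function terms. It assumes a cursor scheme where the before/after parameters are Base64-url-encoded Erlang external terms, and that the hardened path has the :plug_crypto hex package available (Plug.Crypto.non_executable_binary_to_term/2). The module name CursorDecodeDemo and the sample cursors are constructed for the demo.

```elixir
# Added illustration, not code from the paginator project. Assumes cursors are
# Base64-url-encoded Erlang external terms and that :plug_crypto is a dependency.
defmodule CursorDecodeDemo do
  # Unsafe: :erlang.binary_to_term/1 rebuilds whatever the client sent, so a
  # function term arrives in the code that consumes the cursor values.
  def decode_unsafe(cursor) do
    cursor
    |> Base.url_decode64!(padding: false)
    |> :erlang.binary_to_term()
  end

  # Hardened: [:safe] makes the BEAM reject payloads that would create new
  # atoms, references or external function entries; non_executable_binary_to_term/2
  # then walks the decoded term and raises ArgumentError if any function term
  # remains (a fun whose module and function already exist passes :safe alone).
  def decode_safe(cursor) do
    cursor
    |> Base.url_decode64!(padding: false)
    |> Plug.Crypto.non_executable_binary_to_term([:safe])
  end

  # Encodes a term the way a server would when handing a cursor to a client.
  def encode(term) do
    term
    |> :erlang.term_to_binary()
    |> Base.url_encode64(padding: false)
  end

  def run do
    # Constructed legitimate cursor: both decoders return the same map.
    good = encode(%{id: 42, inserted_at: ~N[2020-08-18 00:00:00]})
    IO.inspect(decode_unsafe(good), label: "unsafe decode, legitimate cursor")
    IO.inspect(decode_safe(good), label: "safe decode, legitimate cursor")

    # Constructed malicious cursor: a function term. Every atom it references
    # already exists, so the :safe flag by itself would not stop it.
    evil = encode(&Enum.count/1)

    # The unsafe path hands back a callable function to the request handler.
    unsafe_result = decode_unsafe(evil)
    IO.puts("unsafe decode returned a function? #{is_function(unsafe_result)}")

    # The hardened path refuses it at the trust boundary.
    safe_result =
      try do
        {:ok, decode_safe(evil)}
      rescue
        e in ArgumentError -> {:error, Exception.message(e)}
      end

    IO.inspect(safe_result, label: "safe decode, malicious cursor")
    {is_function(unsafe_result), safe_result}
  end
end

CursorDecodeDemo.run()
```

Run it with `mix run` inside a project that depends on :plug_crypto, or in iex after `Mix.install([:plug_crypto])` (Elixir 1.12 or later). The point of the two-step hardening is that :safe only guards BEAM resources (atom table, refs, export entries); refusing function terms outright is what removes the code-execution primitive from attacker-controlled cursors.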

Credits

Thank you to Peter Stöckli.

References

@waltfy published to duffelhq/paginator Aug 18, 2020
Published by the National Vulnerability Database Sep 1, 2020
Published to the GitHub Advisory Database Apr 12, 2022
Reviewed Apr 12, 2022
Last updated Jan 27, 2023

Severity

Critical

EPSS score

5.968%
(94th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2020-15150

GHSA ID

GHSA-w98m-2xqg-9cvj

