CVE Daily – Phoenix Framework https://cvedaily.com/pages/tags/phoenix-framework.html CVE Daily – Phoenix Framework en Wed, 03 Jun 2026 21:26:52 +0000 [High] CVE-2026-32689 – Allocation of Resources Without Limits or Throttling vulnerability in phoenixfra... https://nvd.nist.gov/vuln/detail/CVE-2026-32689 https://nvd.nist.gov/vuln/detail/CVE-2026-32689 Tue, 05 May 2026 16:16:11 +0000 High CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson, the request body is split on newline characters using String.split/2 with no limit on the number of…

CVSS: 8.7 · CWE: CWE-770

View on NVD

]]> [Medium] CVE-2017-1000163 – The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, ... https://nvd.nist.gov/vuln/detail/CVE-2017-1000163 https://nvd.nist.gov/vuln/detail/CVE-2017-1000163 Fri, 17 Nov 2017 21:29:00 +0000 Medium CVE-2017-1000163

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.

CVSS: 6.1 · CWE: CWE-601

View on NVD

]]>