Known CVE vulnerabilities and GitHub Security Advisories affecting the Hex package plug, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-54892: Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service…
CVE-2026-8468: Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer…
CVE-2017-1000053 — CVSS 8.1 (high): Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of…
CVE-2017-1000052 — CVSS 7.8 (high): Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow…
CVE-2018-1000883 — CVSS 6.5 (medium): Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can…