Every CVE whose affected-product data names Plug Project Plug, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2017-1000053 — CVSS 8.1 (high): Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of…
CVE-2017-1000052 — CVSS 7.8 (high): Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow…
CVE-2018-1000883 — CVSS 6.5 (medium): Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can…