phoenixframework / phoenix

Peace of mind from prototype to production
https://www.phoenixframework.org
MIT License

Open GitHub Security Advisory for wildcard vulnerability #5014

Closed maennchen closed 2 years ago

maennchen commented 2 years ago

Commit https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae (committed today) fixes a security vulnerability.

That vulnerability is currently not part of any vulnerability database, and users are therefore not warned about potential problems.

I propose to open a GitHub Security Advisory.

https://docs.github.com/en/code-security/repository-security-advisories/about-github-security-advisories-for-repositories

Doing that will ensure that it is part of the GH advisory database and will flag projects using an affected version on GitHub. It further integrates with MixAudit and others.

chrismccord commented 2 years ago

I will take a look. Thanks!

maennchen commented 2 years ago

CVE-2022-42975 has been issued for this vulnerability in the meantime.