slogsdon / mandrill-elixir

a Mandrill wrapper for Elixir
MIT License

return param keys as strings #11

Closed SViccari closed 8 years ago

SViccari commented 8 years ago

Converting external parameters from string keys to atom keys creates the vulnerability of being susceptible to a DoS attack, via object allocation. With this in mind, I'm proposing that we remove the string-to-atom conversion that's currently taking place.

I realize this will introduce a breaking change. If you like, I'm happy to bump the version as well.
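
The risk described above, as an added example that is not part of the original thread or the library's own code: a recursive string-to-atom key conversion beside an allowlist variant that leaves unknown keys as strings. It goes slightly beyond the thread, whose fix leaves all keys as strings. Module, function and key names are hypothetical, and the decoded map is constructed sample data.

```elixir
# Added example; names are hypothetical, not mandrill-elixir's API.
defmodule KeyConversionDemo do
  # Keys the caller expects. As atom literals they already exist at compile time.
  @allowed_keys [:email, :status, :reject_reason]
  @allowed Map.new(@allowed_keys, &{Atom.to_string(&1), &1})

  # Risky: every previously unseen key in external data becomes a new atom.
  # Atoms are never garbage collected, and the atom table has a fixed size;
  # filling it takes down the whole VM.
  def atomize_unsafe(map) when is_map(map) do
    Map.new(map, fn {k, v} -> {String.to_atom(k), atomize_unsafe(v)} end)
  end

  def atomize_unsafe(list) when is_list(list), do: Enum.map(list, &atomize_unsafe/1)
  def atomize_unsafe(other), do: other

  # Bounded: only allowlisted keys become atoms; anything else stays a string,
  # so external input cannot grow the atom table.
  def atomize_allowed(map) when is_map(map) do
    Map.new(map, fn {k, v} -> {Map.get(@allowed, k, k), atomize_allowed(v)} end)
  end

  def atomize_allowed(list) when is_list(list), do: Enum.map(list, &atomize_allowed/1)
  def atomize_allowed(other), do: other
end

atom_count = fn -> :erlang.system_info(:atom_count) end
IO.puts("atom limit: #{:erlang.system_info(:atom_limit)}")

# Constructed sample: a decoded JSON body with string keys, including keys
# the client never anticipated. The tag makes them unique on every run.
tag = System.unique_integer([:positive])

decoded = %{
  "email" => "user@example.com",
  "status" => "sent",
  "unexpected_#{tag}_a" => 1,
  "nested" => [%{"unexpected_#{tag}_b" => 2}]
}

converters = [
  allowlist: &KeyConversionDemo.atomize_allowed/1,
  unsafe: &KeyConversionDemo.atomize_unsafe/1
]

for {label, fun} <- converters do
  base = atom_count.()
  result = fun.(decoded)
  IO.puts("#{label}: #{atom_count.() - base} new atoms, keys: #{inspect(Map.keys(result))}")
end
```

Run with `elixir` as a script; the per-converter atom growth is printed so the difference can be observed on the local VM.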

slogsdon commented 8 years ago

Hi @SViccari! Nice catch! I built this library before I knew better about this vulnerability, and because it's been a while since I last used it, I did not think to come back to look for it.

I've incremented the version to 0.5.0 and pushed the update to Hex.

SViccari commented 8 years ago

@slogsdon Wonderful, thank you for being so quick to address this!