{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" }, { "introduced": "1.1.0" }, { "fixed": "1.1.7" }, { "introduced": "1.2.0" }, { "fixed": "1.2.3" }, { "introduced": "1.3.0" }, { "fixed": "1.3.2" } ] }, "events": [ { "introduced": "4b80fadc83707c5a583524f7bc2322a0540d134c" }, { "fixed": "af80b240b3e53a6ebf126aceafc905c8418c9ac9" }, { "introduced": "263f5ed01889611df8ecc25260e02091d095e9f3" }, { "fixed": "96fd47bbded5515e9bf0753332598666d3eb7ca8" }, { "introduced": "1b161d55dc383df6f9e44e08f8359a862ad70b6c" }, { "fixed": "9ae28a1b7896b7c816ea74cf5264ded53ff49fcf" }, { "introduced": "25eae222d0af1f70143efe90f1873f76f8f4db64" }, { "fixed": "3b76816c8d90fa07e226b6b0355eca58495c1556" } ], "repo": "https://github.com/elixir-plug/plug", "type": "GIT" } ] } ], "details": "Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.", "id": "CVE-2017-1000053", "modified": "2026-03-13T21:49:21.266619653Z", "published": "2017-07-17T13:18:17.627Z", "references": [ { "type": "ADVISORY", "url": "https://elixirforum.com/t/security-releases-for-plug/3913" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }