Vulnerability Description
The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to fetch the provider configuration value. This is unsafe as it is user provided data, and can be used to fill up the whole atom table of ~1M which will cause the app to crash.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Powauth | Powassent | < 0.4.4 |
Related Weaknesses (CWE)
References
- http://erlang.org/doc/efficiency_guide/commoncaveats.html#list_to_atom-1Product
- https://github.com/pow-auth/pow_assent/commit/026105eeecc0e3c2f807e7109e745ea93cPatch
- https://github.com/pow-auth/pow_assent/security/advisories/GHSA-368c-xvrv-x986Third Party Advisory
- https://hex.pm/packages/pow_assentRelease Notes
- http://erlang.org/doc/efficiency_guide/commoncaveats.html#list_to_atom-1Product
- https://github.com/pow-auth/pow_assent/commit/026105eeecc0e3c2f807e7109e745ea93cPatch
- https://github.com/pow-auth/pow_assent/security/advisories/GHSA-368c-xvrv-x986Third Party Advisory
- https://hex.pm/packages/pow_assentRelease Notes
FAQ
What is CVE-2019-16764?
CVE-2019-16764 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_...
How severe is CVE-2019-16764?
CVE-2019-16764 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16764?
Check the references section above for vendor advisories and patch information. Affected products include: Powauth Powassent.