Vulnerability Description
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duffel | Paginator | < 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/duffelhq/paginator/blob/ccf0f37fa96347cc8c8a7e9eb2c64462cec4b (Third Party Advisory)
- https://github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d (Patch, Third Party Advisory)
- https://github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj (Third Party Advisory)
- https://hex.pm/packages/paginator (Product)
FAQ
What is CVE-2020-15150?
CVE-2020-15150 is a vulnerability with a CVSS score of 9.0 (CRITICAL). There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affe...
How severe is CVE-2020-15150?
CVE-2020-15150 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15150?
Check the references section above for vendor advisories and patch information. Affected products include: Duffel Paginator.