Unvalidated URL Redirection in Phoenix Framework by Elixir
CVE-2017-1000163

6.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 17 November 2017

What is CVE-2017-1000163?

The Phoenix Framework, used extensively in Elixir applications, contains a vulnerability across multiple versions that allows for unvalidated URL redirection. This flaw can be exploited by malicious actors to direct users to unauthorized URLs, increasing the risk of phishing and social engineering attacks. Proper validation mechanisms must be employed to mitigate this risk and protect users from potential threats.

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published
