Wildcard Origin Check Oversight in Phoenix Framework by Phoenix Framework
CVE-2022-42975

7.5HIGH

Key Information:

Vendor: Phoenixframework
Status: Phoenix
Vendor: CVE Published:; 17 October 2022

🔔 Create Phoenixframework Vulnerability Alert

What is CVE-2022-42975?

In the Phoenix Framework prior to version 1.6.14, an improper handling of the 'check_origin' directive can lead to potential security issues, allowing unintended origins to be accepted in socket communications. Notably, applications using LiveView remain secure by default due to the implementation of a CSRF token, mitigating the risk associated with this vulnerability. Developers are encouraged to upgrade to the latest version to ensure robust security measures.

References

https://github.com/phoenixframework/phoenix/commit/6e7185...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-42975 Data

JSON