Phoenix before 1.6.14 mishandles check_origin wildcarding
High severity
GitHub Reviewed
Published
Oct 17, 2022
to the GitHub Advisory Database
•
Updated Apr 10, 2024
Description
Published by the National Vulnerability Database
Oct 17, 2022
Published to the GitHub Advisory Database
Oct 17, 2022
Reviewed
Oct 18, 2022
Last updated
Apr 10, 2024
Credits
-
maennchen Analyst
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
References