{"id":"CVE-2017-1000053","details":"Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.","aliases":["GHSA-5v4m-c73v-c7gq"],"modified":"2026-04-10T03:55:58.985550Z","published":"2017-07-17T13:18:17.627Z","references":[{"type":"ADVISORY","url":"https://elixirforum.com/t/security-releases-for-plug/3913"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elixir-plug/plug","events":[{"introduced":"4b80fadc83707c5a583524f7bc2322a0540d134c"},{"fixed":"af80b240b3e53a6ebf126aceafc905c8418c9ac9"},{"introduced":"263f5ed01889611df8ecc25260e02091d095e9f3"},{"fixed":"96fd47bbded5515e9bf0753332598666d3eb7ca8"},{"introduced":"1b161d55dc383df6f9e44e08f8359a862ad70b6c"},{"fixed":"9ae28a1b7896b7c816ea74cf5264ded53ff49fcf"},{"introduced":"25eae222d0af1f70143efe90f1873f76f8f4db64"},{"fixed":"3b76816c8d90fa07e226b6b0355eca58495c1556"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"fixed":"1.0.4"},{"introduced":"1.1.0"},{"fixed":"1.1.7"},{"introduced":"1.2.0"},{"fixed":"1.2.3"},{"introduced":"1.3.0"},{"fixed":"1.3.2"}]}}],"versions":["v1.0.0","v1.0.3","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.3.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000053.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}