{"id":"CVE-2018-1000883","details":"Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in \u003e= 1.3.5 or ~\u003e 1.2.5 or ~\u003e 1.1.9 or ~\u003e 1.0.6.","aliases":["GHSA-9h73-w7ch-rh73"],"modified":"2026-03-14T09:25:52.948865Z","published":"2018-12-20T21:29:00.290Z","references":[{"type":"ADVISORY","url":"https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml"},{"type":"FIX","url":"https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elixir-plug/plug","events":[{"introduced":"0"},{"last_affected":"1ee639a07b63a650ef83cae21b5d4fefa6617e09"},{"introduced":"0"},{"last_affected":"5749300a2d663be09c6e7ff926b40e0373f7767f"},{"introduced":"5749300a2d663be09c6e7ff926b40e0373f7767f"},{"fixed":"fc6d04692323abd0bcc7531c95215ccdcff4211c"},{"fixed":"8857f8ab4acf9b9c22e80480dae2636692f5f573"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.9"},{"introduced":"0"},{"last_affected":"1.2.5"},{"introduced":"1.2.5"},{"fixed":"1.3.5"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000883.json","unresolved_ranges":[{"events":[{"introduced":"1.3.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}