Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PowAssent is susceptible to denial of service attacks
Vulnerability Description
The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to fetch the provider configuration value. This is unsafe as it is user provided data, and can be used to fill up the whole atom table of ~1M which will cause the app to crash.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
PowAssent 输入验证错误漏洞
Vulnerability Description
PowAssent是一个Pow身份验证和用户管理库的多供应商支持版本。 PowAssent中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A