elixir
Insecure generation of random numbers - Static IV - Elixir
Need Ensuring secure initialization vectors for cryptographic operations Context Usage of Elixir (version 1.10 and above) for building scalable and fault-tolerant applications Usage of Plug and Cowboy for HTTP request and response handling Usage of ...
OS Command Injection - Elixir
Need Preventing execution of arbitrary OS commands Context Usage of Elixir (version 1.10 and above) for building scalable and fault-tolerant applications Usage of Plug and Cowboy for HTTP request and response handling Description Non compliant code ...
Password Reset Poisoning - Elixir
Need To ensure secure password resets and prevent attackers from gaining control over user accounts. Context Usage of Elixir 1.12 for functional programming and building scalable applications Usage of Plug for building composable web applications in ...
Account Takeover - Elixir
Need To prevent unauthorized access and control over a user account. Context Usage of Elixir 1.12 for functional programming and building scalable applications Usage of Plug for building composable web applications Usage of Phoenix web framework for ...
Uncontrolled External Site Redirect - Host Header Injection - Elixir
Need Prevent malicious redirection and potential SSRF attacks Context Usage of Elixir for functional and concurrent programming Usage of Plug.Conn for handling HTTP connections in Elixir Usage of Plug.Conn for request handling Description Non ...
Inadequate File Size Control - Elixir
Need Prevent resource exhaustion and potential denial of service attacks Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug.Upload for handling file uploads in Elixir File uploads are handled using Plug.Upload ...
Password change without identity check - Elixir
Need Ensure only the authentic user can change the account password Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications Password reset without identity verification ...
Insecure or unset HTTP headers - Content-Security-Policy - Elixir
Need Prevent potential security threats by correctly setting Content-Security-Policy Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Phoenix Framework for building web applications Usage of the application ...
Insecure HTTP methods enabled - Elixir
Need To ensure that HTTP methods such as TRACE, PUT and DELETE are disabled to avoid potential security risks Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Phoenix Framework for building web applications ...
Asymmetric denial of service - Content length - Elixir
Need Prevent service degradation or outage due to malicious requests with excessively large Content-Length headers Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug and Cowboy for HTTP request and response ...
Remote File Inclusion - Elixir
Need Prevent execution of remote files to maintain application integrity and confidentiality of data. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug and Cowboy for HTTP request and response handling Usage ...
Concurrent sessions - Elixir
Need Prevent multiple simultaneous sessions from the same user account to maintain traceability and non-repudiation of user actions. Context Usage of Elixir for building scalable and concurrent applications Usage of Plug and Cowboy for HTTP request ...
Insecure or unset HTTP headers - Referrer-Policy - Elixir
Need Prevent website domain and path from being leaked to external services. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug and Cowboy for HTTP request and response handling Improperly set Referrer-Policy ...
Lack of data validation - Path Traversal - Elixir
Need Prevent unauthorized access to files and directories outside the intended path scope. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug and Cowboy for HTTP request and response handling File access or ...
Insecure session expiration time - Elixir
Need Prevent unauthorized access to user information and actions. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug.Session for managing session data in Elixir applications Usage of a server with indefinite ...
Insecure session management - Elixir
Need To prevent unauthorized access and potential misuse of session tokens. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug.Session for HTTP session management Usage of session token reuse in server even ...
XML injection (XXE) - Elixir
Need To prevent potential data exfiltration or remote command execution via XML input. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of sweet_xml for parsing and manipulating XML data Vulnerability: XML input ...
Account Lockout - Elixir
Need To prevent potential denial of service for valid users via account lockouts. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of user ...
Lack of data validation - Trust boundary violation - Elixir
Need To prevent potential security vulnerabilities due to trusting and mixing untrusted data in the same data structure or structured message. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir for building ...
CSV injection - Elixir
Need To protect against malicious injection of formulas into fields that are exported as part of CSV files and potentially interpreted by Excel or other spreadsheet software. Context Usage of Elixir for building scalable and fault-tolerant ...
Data Uniqueness Not Properly Verified - Elixir
Need To ensure that sensitive data intended for single use cannot be reused or regenerated. Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir Ecto for database query and manipulation Usage of unique tokens ...
Insecure Deserialization - Elixir
Need To protect against unauthorized control of application execution flow Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir Phoenix for building web applications Usage of serialization/deserialization ...
External Control of File Name or Path - Elixir
Need To prevent unauthorized access and alteration of system files Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir Phoenix Plug for building web applications Usage of file-upload handling for untrusted ...
Email Uniqueness Not Properly Verified - Elixir
Need To prevent multiple account creation with the same email address Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir Phoenix Ecto for building web applications with a functional programming language and ...
Improper Control of Interaction Frequency - Elixir
Need To prevent server saturation and potential Denial of Service (DoS) attacks Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir Plug for handling HTTP requests and protecting against attacks No rate ...
Improper Type Assignation - Elixir
Need To prevent errors and potential security issues caused by assigning the wrong type of value to a variable Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Elixir for building scalable and fault-tolerant ...
Security Controls Bypass or Absence - Elixir
Need Prevent denial of service or system overloading by limiting request rate Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications with Elixir Handling high incoming requests ...
HTTP Parameter Pollution - Elixir
Need Prevent unexpected behavior due to injection of extra HTTP parameters Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of HTTP parameter validation ...
Local File Inclusion - Elixir
Need Prevent reading or executing server files through relative path manipulation Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications with Elixir Usage of file handling for ...
Race Condition - Elixir
Need Prevent arbitrary overwriting, deletion or reading of files due to incorrect input sequencing Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of ...
Lack of data validation - Type confusion - Elixir
Need Prevent misinterpretation of data types and code injection Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of input validation for data validation ...
Insecurely generated cookies - HttpOnly - Elixir
Need To protect cookies from being accessed by client-side scripts Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of secure cookie handling for session ...
Insecurely generated cookies - SameSite - Elixir
Need To protect cookies from being sent along with cross-site requests Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of secure cookie handling ...
Insecurely generated cookies - Secure - Elixir
Need To protect sensitive cookies from being sent over insecure channels Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of secure cookie handling for ...
Insecure or unset HTTP headers - Strict Transport Security - Elixir
Need To enforce the use of HTTPS to prevent confidential information from being sent over insecure channels Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir ...
Insecure or unset HTTP headers - X-Content-Type-Options - Elixir
Need To prevent MIME sniffing attacks Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of HTTP headers management Description Non compliant code defmodule ...
Insecure or unset HTTP headers - CORS - Elixir
Need To prevent the inclusion of resources from untrusted origins Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug, Cowboy, and CorsPlug for building a web server in Elixir Usage of CORS headers management ...
Insecure or unset HTTP headers - X-XSS Protection - Elixir
Need To prevent the increase in the chance of exploiting a stored XSS Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of X-XSS Protection header ...
Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies - Elixir
Need To prevent harmful requests from Adobe Flash or PDF documents Context Usage of Elixir for building scalable and fault-tolerant applications Usage of Plug Cowboy for building web applications in Elixir Usage of X-Permitted-Cross-Domain-Policies ...
Remote Command Execution Vulnerability - Elixir
Need Prevent unauthorized code or command execution Context Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications Usage of os.cmd for executing shell commands Description Non compliant code def run_command(input) do ...