Vulnerability in Elixir-plug Plug
CVE-2026-56813
Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set…
Affected products
- Elixir-plug Plug — versions 0.1.0, 1.17.0, 1.18.0
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)