Resource exhaustion in Elixir-plug Plug
CVE-2026-56814
Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of s…
Affected products
- Elixir-plug Plug — versions 1.4.0, 1.17.0, 1.18.0
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)