CVE-2026-21619

EPSS 0.02%
Veröffentlicht 27.02.2026 17:57:11
Zuletzt bearbeitet 02.03.2026 20:30:10
Quelle 6b3ad84c-e1a6-4bf7-a703-f496b7
CVE-Watchlists
Login
Unerledigt
Login

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hex_api.erl, src/mix_hex_api.erl, apps/rebar/src/vendored/r3_hex_api.erl and program routines hex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4.

This issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before 2.3.2; rebar3: from 3.9.1 before 3.27.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerhexpm

≫

Produkt hex_core

Default Statusunaffected

Version < cdf726095bca85ad2549d146df1e831ae93c2b13

Version eb327f8edfe45507351e38cc0805aa12fa647f0b

Status affected

Herstellerhexpm

≫

Produkt hex_core

Default Statusunaffected

Version < 0.12.1

Version 0.1.0

Status affected

Version < pkg:hex/hex_core@0.12.1

Version pkg:hex/hex_core@0.1.0

Status affected

Herstellerhexpm

≫

Produkt hex

Default Statusunaffected

Version < 636739f3322514e9303ca335fb630696fcbb3c95

Version 314546ac432229518714cc8e3336e916b9da6305

Status affected

Herstellerhexpm

≫

Produkt hex

Default Statusunaffected

Version < 2.3.2

Version 2.3.0

Status affected

Version < pkg:otp/hex@2.3.2

Version pkg:otp/hex@2.3.0

Status affected

Herstellererlang

≫

Produkt rebar3

Default Statusunaffected

Version < 1d4478f527e373de0b225951e53115450e0d9b9d

Version 209c02ec57c2cc3207ee0174c3af3675b8dc8f79

Status affected

Herstellererlang

≫

Produkt rebar3

Default Statusunaffected

Version < 3.27.0

Version 3.9.1

Status affected

Version < pkg:otp/rebar3@3.27.0

Version pkg:otp/rebar3@3.9.1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.042

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
6b3ad84c-e1a6-4bf7-a703-f496b71e49db	2	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/hexpm/hex_core/security/advisories/GHSA-hx9w-f2w9-9g96

https://github.com/hexpm/hex_core/commit/cdf726095bca85ad2549d146df1e831ae93c2b13

https://github.com/hexpm/hex/commit/636739f3322514e9303ca335fb630696fcbb3c95

https://github.com/erlang/rebar3/commit/1d4478f527e373de0b225951e53115450e0d9b9d

https://nvd.nist.gov/vuln/detail/CVE-2026-21619

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21619

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21619

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-21619