CVE-2026-32148
- EPSS 0.19%
- Veröffentlicht 30.04.2026 18:17:03
- Zuletzt bearbeitet 05.05.2026 02:16:49
Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reprodu...
CVE-2026-21619
- EPSS 0.58%
- Veröffentlicht 27.02.2026 17:57:11
- Zuletzt bearbeitet 06.04.2026 17:17:07
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerabil...
CVE-2019-1000012
- EPSS 0.88%
- Veröffentlicht 04.02.2019 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:17:40
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victi...