phoenix
1.8.9
Productive. Reliable. Fast. A productive web framework that does not compromise speed or maintainability.
Current section
5 Advisories
Jump to
Current section
5 Advisories
Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-56812.html
- https://github.com/phoenixframework/phoenix/commit/7f7b971c1ea0994e3fbd1c11ddb05e780bd38ad8
- https://github.com/phoenixframework/phoenix/commit/89a1c4be161e436241e12b2378a719904b9bd96f
- https://github.com/phoenixframework/phoenix/commit/b90b22521465ece00eb5a19d5aa2b9465b209c85
- https://github.com/phoenixframework/phoenix/commit/beffc4da1e787e572121f68902c63daf4fe7d9c2
- https://github.com/phoenixframework/phoenix/security/advisories/GHSA-63mc-hw7g-86rr
- https://hex.pm/packages/phoenix
- https://www.npmjs.com/package/phoenix
Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-56811.html
- https://github.com/phoenixframework/phoenix/commit/16e295d2fccab185d1292322e2bee5d46c725c8a
- https://github.com/phoenixframework/phoenix/commit/a612100cd8a4279091abc1a2ef8fb98a6d01c0a1
- https://github.com/phoenixframework/phoenix/commit/c498ba8cf49f6accbbd0c643a5340b58db891218
- https://github.com/phoenixframework/phoenix/commit/d19ca0a8d9f82c130b7ed339b9f033433e2dea5e
- https://github.com/phoenixframework/phoenix/security/advisories/GHSA-6983-jfq8-485w
- https://hex.pm/packages/phoenix
Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-32689.html
- https://github.com/phoenixframework/phoenix
- https://github.com/phoenixframework/phoenix/commit/1a67c61ff9ce0a7711662ac7354861917a7c80f7
- https://github.com/phoenixframework/phoenix/commit/912ea181fd247c21dbcc49fb97d0053b947d81bf
- https://github.com/phoenixframework/phoenix/security/advisories/GHSA-628h-q48j-jr6q
- https://hex.pm/packages/phoenix
- https://nvd.nist.gov/vuln/detail/CVE-2026-32689
- https://osv.dev/vulnerability/EEF-CVE-2026-32689
Phoenix before 1.6.14 mishandles check_origin wildcarding
Affected Versions
Phoenix Arbitrary URL Redirect
Affected Versions
Checksum
Dependency Config
mix.exs
rebar.config
Gleam
erlang.mk
Package Details
this version
53 858
yesterday
20 462
last 7 days
300 797
all time
151 857 843