Packages
sobelow
0.13.0
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/vuln/coherence.ex
defmodule Sobelow.Vuln.Coherence do
@moduledoc """
# Coherence Version Vulnerable to Privilege Escalation
For more information visit:
https://github.com/advisories/GHSA-mrq8-53r4-3j5m
Coherence checks can be ignored with the following command:
$ mix sobelow -i Vuln.Coherence
"""
alias Sobelow.Config
alias Sobelow.Vuln
@uid 22
@finding_type "Vuln.Coherence: Known Vulnerable Dependency - Update Coherence"
use Sobelow.Finding
@vuln_vsn ["<=0.5.1"]
def run(root) do
plug_conf = root <> "/deps/coherence/mix.exs"
if File.exists?(plug_conf) do
vsn = Config.get_version(plug_conf)
case Version.parse(vsn) do
{:ok, vsn} ->
if Enum.any?(@vuln_vsn, fn v -> Version.match?(vsn, v) end) do
Vuln.print_finding(
plug_conf,
vsn,
"Coherence",
"Permissive parameters and privilege escalation",
"CVE-2018-20301",
"Coherence"
)
end
_ ->
nil
end
end
end
end