Hex Core
Monthly
Uncontrolled resource consumption in hex_core, hex, and rebar3 package managers results from unsafe deserialization of untrusted data in API request handling, enabling remote attackers to trigger excessive memory allocation and denial of service without authentication. Affected versions include hex_core before 0.12.1, hex before 2.3.2, and rebar3 before 3.27.0, with no patch currently available. An attacker can exploit this remotely over the network to exhaust system resources and crash affected Erlang/Elixir build environments.
Uncontrolled resource consumption in hex_core, hex, and rebar3 package managers results from unsafe deserialization of untrusted data in API request handling, enabling remote attackers to trigger excessive memory allocation and denial of service without authentication. Affected versions include hex_core before 0.12.1, hex before 2.3.2, and rebar3 before 3.27.0, with no patch currently available. An attacker can exploit this remotely over the network to exhaust system resources and crash affected Erlang/Elixir build environments.