defmodule Sobelow.Vuln.CookieRCE do
@moduledoc """
# Plug Version Vulnerable to Arbitrary Code Execution in Cookie Serialization
For more information visit:
https://github.com/advisories/GHSA-5v4m-c73v-c7gq
Cookie RCE checks can be ignored with the following command:
$ mix sobelow -i Vuln.CookieRCE
"""
alias Sobelow.Config
alias Sobelow.Vuln
@uid 23
@finding_type "Vuln.Plug: Known Vulnerable Dependency - Update Plug"
use Sobelow.Finding
# we could _probably_ remove some of these versions since if Sobelow is running,
# it means there is a minimum version of Elixir on the system which the lower
# versions of Plug wouldn't support - will leave for now to reflect CVE
@vuln_vsn ~w(1.3.1 1.3.0 1.2.2 1.2.1 1.2.0 1.1.6 1.1.5 1.1.4 1.1.3 1.1.2 1.1.1 1.1.0 1.0.3 1.0.2 1.0.1 1.0.0)
def run(root) do
plug_conf = root <> "/deps/plug/mix.exs"
if File.exists?(plug_conf) do
vsn = Config.get_version(plug_conf)
if Enum.member?(@vuln_vsn, vsn) do
Vuln.print_finding(
plug_conf,
vsn,
"Plug",
"Arbitrary Code Execution in Cookie Serialization",
"CVE-2017-1000053",
"CookieRCE"
)
end
end
end
end