CVE-2017-1000163

Published: Nov 17, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.

Affected (15)

Products: Phoenixframework: Phoenix

Phoenixframework

1 product

Phoenix

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Phoenixframework Phoenix	Version 1.0.0
Phoenixframework Phoenix	Version 1.0.1
Phoenixframework Phoenix	Version 1.0.2
Phoenixframework Phoenix	Version 1.0.3
Phoenixframework Phoenix	Version 1.0.4
Phoenixframework Phoenix	Version 1.1.0
Phoenixframework Phoenix	Version 1.1.1
Phoenixframework Phoenix	Version 1.1.2
Phoenixframework Phoenix	Version 1.1.3
Phoenixframework Phoenix	Version 1.1.4
Phoenixframework Phoenix	Version 1.1.5
Phoenixframework Phoenix	Version 1.1.6
Phoenixframework Phoenix	Version 1.2.0
Phoenixframework Phoenix	Version 1.2.2
Phoenixframework Phoenix	Version 1.3.0-rc.0

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://elixirforum.com/t/security-releases-for-phoenix/4143

Source: cve@mitre.org

MitigationThird Party Advisory

https://elixirforum.com/t/security-releases-for-phoenix/4143

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.