danschultzer

1 exploit Active since Jan 2020
CVE-2020-5205 WRITEUP MEDIUM WRITEUP
Pow < 1.0.16 - Session Fixation via Persistent Session Store
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.
CVSS 6.5