Description
The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to fetch the provider configuration value. This is unsafe as it is user provided data, and can be used to fill up the whole atom table of ~1M which will cause the app to crash.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/pow-auth/pow_assent/security/advisories/GHSA-368c-xvrv-x986
Release Notes x_refsource_misc
https://hex.pm/packages/pow_assent
Product x_refsource_misc
http://erlang.org/doc/efficiency_guide/commoncaveats.html#list_to_atom-1
Scores
CVSS v3
6.5
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
Hex/pow_assent
0 - 0.4.4Hex
powauth/powassent
< 0.4.4
Published
Nov 25, 2019
Tracked Since
Feb 18, 2026