cpe:/a:elixir-plug:plug:1.0.0 cpe:/a:elixir-plug:plug:1.0.1 cpe:/a:elixir-plug:plug:1.0.2 cpe:/a:elixir-plug:plug:1.0.3 cpe:/a:elixir-plug:plug:1.1.0 cpe:/a:elixir-plug:plug:1.1.1 cpe:/a:elixir-plug:plug:1.1.2 cpe:/a:elixir-plug:plug:1.1.3 cpe:/a:elixir-plug:plug:1.1.4 cpe:/a:elixir-plug:plug:1.1.5 cpe:/a:elixir-plug:plug:1.1.6 cpe:/a:elixir-plug:plug:1.2.0 cpe:/a:elixir-plug:plug:1.2.1 cpe:/a:elixir-plug:plug:1.2.2 cpe:/a:elixir-plug:plug:1.3.0 cpe:/a:elixir-plug:plug:1.3.1 CVE-2017-1000052 2017-07-17T09:18:17.593-04:00 2019-10-02T20:03:26.223-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-07-24T09:46:36.610-04:00 CONFIRM https://elixirforum.com/t/security-releases-for-plug/3913 Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.