cpe:/a:elixir-plug:plug:1.0.0 cpe:/a:elixir-plug:plug:1.0.1 cpe:/a:elixir-plug:plug:1.0.2 cpe:/a:elixir-plug:plug:1.0.3 cpe:/a:elixir-plug:plug:1.1.0 cpe:/a:elixir-plug:plug:1.1.1 cpe:/a:elixir-plug:plug:1.1.2 cpe:/a:elixir-plug:plug:1.1.3 cpe:/a:elixir-plug:plug:1.1.4 cpe:/a:elixir-plug:plug:1.1.5 cpe:/a:elixir-plug:plug:1.1.6 cpe:/a:elixir-plug:plug:1.2.0 cpe:/a:elixir-plug:plug:1.2.1 cpe:/a:elixir-plug:plug:1.2.2 cpe:/a:elixir-plug:plug:1.3.0 cpe:/a:elixir-plug:plug:1.3.1 CVE-2017-1000053 2017-07-17T09:18:17.627-04:00 2017-08-03T11:54:13.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-07-24T09:27:03.160-04:00 CONFIRM https://elixirforum.com/t/security-releases-for-plug/3913 Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.