Erlang Rebar3 vulnerabilities
3 known vulnerabilities affecting erlang/rebar3.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2020-13802 | P2 | CRITICAL | CVSS 9.8 | ≥ 3.1.0, ≤ 3.13.2 | v3.0.0 | 2020-09-02
CVE-2020-13802 [CRITICAL] CWE-78
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
nvd
CVE-2026-21619 | P3 | HIGH | CVSS 7.5 | ≥ 3.9.1, < 3.27.0 | ≥ 209c02ec57c2cc3207ee0174c3af3675b8dc8f79, < 1d4478f527e373de0b225951e53115450e0d9b9d | 2026-02-27
CVE-2026-21619 [HIGH] CWE-400
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hex_api.erl, src/mix_hex_api.erl, apps/rebar/src/vendored/r3_h
nvd, osv
CVE-2019-1000014 | P3 | HIGH | CVSS 8.8 | ≥ 3.7.0, ≤ 3.7.5 | 2019-02-04
CVE-2019-1000014 [HIGH]
Erlang/OTP Rebar3 versions 3.7.0 through 3.7.5 contain a signing oracle vulnerability in package registry verification that can result in package modifications going undetected, allowing code execution. The attack appears to be exploitable when a victim fetches packages from a malicious or compromised mirror. The vulnerability appears to have been fixed in 3.8.0.
nvd