CVE-2022-42975 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding
It is recommended to upgrade to Phoenix 1.6.14 or later. Phoenix 1.6.14 or later is also recommended for other applications that use the same socket transport, such as Redis, RabbitMQ, or Kafka. In Phoenix 1.6.9, socket transports mishandle check_origin wildcarding in the same way that remote transports do. If you are using Phoenix with an application that uses socket transport, upgrade to Phoenix 1.6.14 or later.
If you are using an older version of Phoenix, you can enable checking of the origin of socket connections by setting the socket.check_origin setting in your environment.
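As an added illustration (not part of this advisory or of the Phoenix project), the endpoint configuration below places a permissive check_origin setting and a wildcard entry beside an explicit allow-list; the application name, MyAppWeb.Endpoint and the hostnames are placeholders.

```elixir
# config/prod.exs (constructed example; :my_app, MyAppWeb.Endpoint and all hosts are placeholders)
import Config

# Weak: disables origin checking entirely, so a page on any site can open a
# socket to this endpoint with the visitor's cookies attached.
# config :my_app, MyAppWeb.Endpoint, check_origin: false

# Depends on wildcard matching, which socket/transport.ex mishandled before
# Phoenix 1.6.14 (CVE-2022-42975). Prefer an explicit list where you can.
# config :my_app, MyAppWeb.Endpoint, check_origin: ["//*.example.com"]

# Hardened: enumerate each origin (scheme and host) that may open a socket.
config :my_app, MyAppWeb.Endpoint,
  check_origin: [
    "https://app.example.com",
    "https://admin.example.com"
  ]
```

An explicit list does not remove the need to upgrade; it only reduces reliance on the wildcard code path the advisory describes.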
Upgrade Audio Drivers
If you are using Phoenix with an application that uses a sound device, upgrade the audio drivers for your sound device. In Phoenix 1.6.14 or later, audio devices will no longer be rescheduled to a different device when switching between applications that have different configurations of the same sound card.
What is Phoenix?
Phoenix is the Elixir framework for building applications and services that run with high availability. Phoenix provides a friendly development and runtime experience, a component-based architecture, pattern matching, stubbed calls, pluggable RESTful routes, and more.
Check the Origin of Socket Connections
Check whether you are affected by the socket transport security issue
You can check whether you are affected by the socket transport security issue by running the following queries.
Timeline
Published on: 10/17/2022 06:15:00 UTC
Last modified on: 10/20/2022 14:12:00 UTC