CVE-2026-23940

hexpm hexpm/hexpm da nazoratsiz resurs sarfi zaifligi ortiqcha ajratishga imkon beradi. Katta hajmdagi paketni nashr qilish, yuklangan paket tarballini ajratib olish paytida Hex.pm xotirasining tugashiga olib kelishi mumkin. Bu ta'sirlangan dastur nusxasini tugatishi va paketni nashr etish va boshqa paketlarni qayta ishlash funksiyalari uchun xizmat ko'rsatilmasligiga olib kelishi mumkin.

 Bu muammo hexpm: 495f01607d3eae4aed7ad09b2f54f31ec7a7df01 dan oldin; hex.pm: 2026-03-10 dan oldin quyidagi parametrlarga ta'sir qiladi.

Manbalar

• https://github.com/hexpm/hexpm/commit/495f01607d3eae4aed7ad09b2f54f31ec7a7df01
• https://github.com/hexpm/hexpm/security/advisories/GHSA-jp8w-gxf6-8hcr