彙總 ash-project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 檔案包含,在 生產負載與軟體部署 使用場景中可能帶來 檔案覆寫與未授權存取 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-55736 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant to be set internally (for example via Ash.Changeset.set_private_argument/3) and must not be settable from end-user input. When a changeset is built from a parameter map, Ash filters out private arguments | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | 5.9 | 0.15% | 2026-06-23 | 2026-06-25 |
| CVE-2025-48044 | Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected], from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d. | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | 8.6 | 0.81% | 2025-10-17 | 2026-06-17 |
| CVE-2025-48043 | Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from pkg:hex/ash@0 before pkg:hex/[email protected], before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae. | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | 8.6 | 0.47% | 2025-10-10 | 2026-06-17 |
| CVE-2025-48042 | Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6. This issue affects ash: from pkg:hex/ash before pkg:hex/[email protected], before 3.5. | 6b3ad84c-e1a6-4bf7-a703-f496b71e49db | 7.1 | 0.29% | 2025-09-07 | 2026-06-17 |