CVE-2026-48597: Elixir URI Scheme Atom Exhaustion
greprules fetch cve-2026-48597-elixir-uri-scheme-atom-exhaustion --engine opengrep
Description
Converting an unbounded or untrusted string (like a URI scheme) to an atom dynamically using `String.to_atom/1` can lead to an atom memory exhaustion Denial of Service (DoS) vulnerability. Erlang VM atoms are not garbage-collected, so an attacker who can provide unique inputs can exhaust the bounded atom table and crash the application. Use pattern matching
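The pattern described above, next to a pattern-matching alternative, as an added example that is not part of the rule or of any affected project. The module name `SchemeExample`, its function names, and the allowlist of schemes are assumptions chosen for illustration; the sample URIs are constructed.

```elixir
defmodule SchemeExample do
  # Flagged pattern: every distinct scheme string in the input becomes a new
  # atom, and atoms are never garbage-collected by the Erlang VM.
  def scheme_unsafe(uri_string) do
    case URI.parse(uri_string) do
      %URI{scheme: nil} -> {:error, :no_scheme}
      %URI{scheme: scheme} -> {:ok, String.to_atom(scheme)}
    end
  end

  # Hardened form: the scheme stays a binary and is matched against a fixed
  # allowlist (assumed set), so untrusted input can never create an atom.
  def scheme_safe(uri_string) do
    case URI.parse(uri_string) do
      %URI{scheme: scheme} when is_binary(scheme) ->
        classify(String.downcase(scheme))

      _ ->
        {:error, :no_scheme}
    end
  end

  defp classify("http"), do: {:ok, :http}
  defp classify("https"), do: {:ok, :https}
  defp classify("ftp"), do: {:ok, :ftp}
  defp classify(_other), do: {:error, :unsupported_scheme}
end

# Constructed sample inputs: schemes the VM has not seen before.
inputs = for n <- 1..3, do: "x-constructed-#{n}://host.example/"

# Warm up both code paths so module loading does not skew the counts.
SchemeExample.scheme_safe("https://host.example/")
SchemeExample.scheme_unsafe("https://host.example/")

before = :erlang.system_info(:atom_count)
Enum.each(inputs, &SchemeExample.scheme_safe/1)
after_safe = :erlang.system_info(:atom_count)
Enum.each(inputs, &SchemeExample.scheme_unsafe/1)
after_unsafe = :erlang.system_info(:atom_count)

# Compare atom-table growth per path against the VM's fixed limit.
IO.inspect(after_safe - before, label: "atoms added by scheme_safe")
IO.inspect(after_unsafe - after_safe, label: "atoms added by scheme_unsafe")
IO.inspect(:erlang.system_info(:atom_limit), label: "atom table limit")
```

Where an allowlist is impractical, `String.to_existing_atom/1` raises instead of creating a new atom, which also keeps the atom table bounded.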
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided