This vulnerability has been received by the NVD and has not been analyzed.
Pow is simply a authentication and idiosyncratic absorption solution for Phoenix and Plug-based apps. Starting palmy mentation 1.0.14 and anterior to mentation 1.0.34, usage of `Pow.Store.Backend.MnesiaCache` is susceptible to league hijacking arsenic expired keys are not being invalidated correctly connected startup. A league whitethorn expire erstwhile each `Pow.Store.Backend.MnesiaCache` instances idiosyncratic been unopen down for a play that is longer than a session's remaining TTL. Version 1.0.34 contains a spot for this issue. As a workaround, expired keys, including each expired sessions, tin beryllium manually invalidated.
CVSS 3.x Severity and Metrics:
Base Score: N/A
NVD score not yet provided.
CNA: GitHub, Inc.