{ "schema_version": "1.7.0", "id": "MGASA-2026-0196", "published": "2026-06-11T16:55:52Z", "modified": "2026-06-11T16:05:02Z", "summary": "Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability", "details": "Uncontrolled Resource Consumption, Deserialization of Untrusted Data\nvulnerability in hexpm hex_core (hex_api modules), hexpm hex\n(mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object\nInjection, Excessive Allocation. This vulnerability is associated with\nprogram files src/hex_api.erl, src/mix_hex_api.erl,\napps/rebar/src/vendored/r3_hex_api.erl and program routines\nhex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4. This\nissue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before\n2.3.2; rebar3: from 3.9.1 before 3.27.0.\n", "upstream": [ "CVE-2026-21619" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0196.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=35187" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULA2SKGZS6NTHYMAHGYMOGTSP4KM4IOP/" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "erlang-hex_core", "purl": "pkg:rpm/mageia/erlang-hex_core?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.7.1-2.1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:9", "name": "erlang-rebar3", "purl": "pkg:rpm/mageia/erlang-rebar3?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.18.0-1.1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }