Skip to main content

Use of Software with Known Vulnerabilities


Prevent exploitation of known vulnerabilities in dependencies


  • Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications
  • Usage of mix for dependency management


Non compliant code

defp deps do
[{:phoenix, '~> 1.2.1'}]

The insecure code example demonstrates the use of an outdated and potentially vulnerable version of the Phoenix framework (1.2.1), as specified in the mix.exs file in an Elixir project. Known vulnerabilities exist in this version of the Phoenix framework that can be exploited by attackers.


  • Identify the dependencies and their versions that are known to have vulnerabilities.
  • Search for the latest versions or the safe versions of those dependencies.
  • Update the dependency specifications in your mix.exs file.
  • Run 'mix deps.update --all' to update the dependencies.

Compliant code

defp deps do
[{:phoenix, '~> 1.5.7'}]

In the secure code example, the Phoenix framework has been updated to a more recent and secure version (1.5.7). This version does not have the vulnerabilities present in the older version.