Description
Atoms are not garbage-collected, which can lead to memory exhaustion if many unique atoms are created dynamically.
It poses a security risk, as an attacker could exploit this to crash the application via a denial-of-service (DoS) attack.
To mitigate this, we should enforce safer practices in the template and educate developers on the risks and alternatives. The `String.to_atom/1` function can lead to atom DoS vulnerabilities when used with untrusted or dynamic input, as atoms are not garbage-collected and can exhaust the BEAM's atom table. For more information, see the Paraxial.io blog: Atom DoS: Exploiting the BEAM's Atom Table.
Tasks
- `String.to_atom/1`.
- `String.to_atom/1`
- `String.to_existing_atom/1` instead of `String.to_atom/1`.
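The following added example (not code from this issue or the project it was filed against) shows the three conversion strategies side by side: the unsafe `String.to_atom/1` path, the `String.to_existing_atom/1` path, and an explicit allowlist, together with a small atom-table check that can back a health endpoint or a test. The module name `SafeAtoms`, the `@roles` list and the "role" parameter are invented for illustration.

```elixir
# Added example: safe handling of user-supplied strings that must map to
# atoms, plus a check of the BEAM atom table. Module name and the roles
# list are assumptions made for this illustration.
defmodule SafeAtoms do
  @moduledoc """
  Shows why `String.to_atom/1` on untrusted input is dangerous and how to
  convert safely.
  """

  # Unsafe: every distinct string the caller sends creates a new atom.
  # Atoms are never garbage-collected, so many unique strings fill the
  # atom table until the VM refuses to continue.
  def role_from_param_unsafe(param) when is_binary(param) do
    String.to_atom(param)
  end

  # Safer: only atoms that already exist can be produced. Unknown strings
  # raise ArgumentError, which is translated into an error tuple.
  def role_from_param(param) when is_binary(param) do
    {:ok, String.to_existing_atom(param)}
  rescue
    ArgumentError -> {:error, :unknown_role}
  end

  # Safest: explicit allowlist. The atoms are created once at compile time
  # and no input can add to the set.
  @roles [:admin, :editor, :viewer]
  @role_names Map.new(@roles, fn r -> {Atom.to_string(r), r} end)

  def role_from_allowlist(param) when is_binary(param) do
    case Map.fetch(@role_names, param) do
      {:ok, role} -> {:ok, role}
      :error -> {:error, :unknown_role}
    end
  end

  # Observability: how full is the atom table? Useful for a health check
  # or a test asserting that a request handler does not grow the table.
  def atom_table_usage do
    count = :erlang.system_info(:atom_count)
    limit = :erlang.system_info(:atom_limit)
    %{count: count, limit: limit, used_fraction: count / limit}
  end
end

# Usage (run with `elixir safe_atoms.exs`). The input strings below are
# constructed for the demonstration.
before = SafeAtoms.atom_table_usage().count

# 1_000 unique strings through the unsafe path: the atom count grows by
# one for every unique string and never shrinks again.
for i <- 1..1_000, do: SafeAtoms.role_from_param_unsafe("junk_#{i}")
grown = SafeAtoms.atom_table_usage().count - before
IO.inspect(grown, label: "atoms added by unsafe path")

# The same kind of input through the safe paths adds nothing.
mid = SafeAtoms.atom_table_usage().count

for i <- 1..1_000 do
  {:error, :unknown_role} = SafeAtoms.role_from_param("other_#{i}")
  {:error, :unknown_role} = SafeAtoms.role_from_allowlist("other_#{i}")
end

IO.inspect(SafeAtoms.atom_table_usage().count - mid, label: "atoms added by safe paths")
IO.inspect(SafeAtoms.role_from_allowlist("admin"), label: "allowlisted role")
IO.inspect(SafeAtoms.atom_table_usage(), label: "atom table")
```

One caveat with `String.to_existing_atom/1`: it only succeeds for atoms that already exist in the running VM, and atoms referenced by a module are created when that module is loaded. In a release with lazy loading, a valid value can therefore be rejected until the module that mentions it has been loaded, which is one reason the explicit allowlist is usually the better fit for request parameters. The `atom_table_usage/0` reading is also worth exposing to monitoring so that growth under load is noticed before the limit is reached.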