plug is a specification and conveniences for composable modules between web applications.
Affected versions of this package are vulnerable to Improper Input Validation.
Plug.Static is used for serving static assets, and is vulnerable to null byte injection. If file upload functionality is provided, this can allow users to bypass filetype restrictions and upload arbitrary code.
plug to version 1.3.2, 1.2.3, 1.1.7, 1.0.4 or higher.