{“lastseen”:””,”description”:”Uncontrolled Resource Consumption vulnerability in oban-bg oban_web (‘Elixir.Oban.Web.CronExpr’ modules) allows memory exhaustion via unbounded cron range expansion.\\n\\nAn attacker with access to schedule cron jobs can submit a malicious cron expression such as \\”0 0 1-100000000 * *\\”. When a user with dashboard access views the cron job list, ‘Elixir.Oban.Web.CronExpr’:describe\/1 is called to render the expression. parse_range\/1 parses both range endpoints via Integer.parse\/1 with no bounds check, and the downstream helpers expand_dom_parts\/1 and expand_dow_parts\/1 materialise the range eagerly via Enum.to_list\/1, causing allocation of ~2.4 GB and stalling or crashing the BEAM node. A sibling helper extract_dom_values already validates range bounds, but the expansion helpers do not.\\n\\nThis issue affects oban_web: from 2.12.0 before 2.12.5.”,”published”:”2026-05-26T19:46:43.980Z”,”modified”:”2026-05-26T20:46:24.889Z”,”type”:”cve”,”title”:”Unbounded range expansion in cron describe causes memory exhaustion in oban_web”,”source”:”EEF”,”references”:”https:\/\/github.com\/oban-bg\/oban_web\/security\/advisories\/GHSA-6xh2-93p9-vqh4\\nhttps:\/\/cna.erlef.org\/cves\/CVE-2026-48593.html\\nhttps:\/\/osv.dev\/vulnerability\/EEF-CVE-2026-48593\\nhttps:\/\/github.com\/oban-bg\/oban_web\/commit\/9998b7e284e02fdd4645dd6231760038e63b584d”,”id”:”CVE-2026-48593″,”bulletinFamily”:””,”cwe”:[“CWE-400″],”cvelist”:null,”sourceData”:”oban-bg oban_web 2.12.0\\noban-bg oban_web a97c7960bb389b05aaab4cf8042985f02ceddc24″,”sourceHref”:””,”cvss”:{“score”:5.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:L\/UI:P\/VC:N\/VI:N\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”oban_web”,”version”:”2.12.0″,”vendor”:”oban-bg”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Uncontrolled Resource Consumption vulnerability in oban-bg oban_web (‘Elixir.Oban.Web.CronExpr’ modules) allows memory exhaustion via unbounded cron range expansion.\\n\\nAn attacker with access to schedule cron jobs can…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,97,12,21,13,7,11,5],"class_list":["post-57139","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-59","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n