CVE-2024-21631
- EPSS 0.4%
- Veröffentlicht 03.01.2024 17:15:12
- Zuletzt bearbeitet 21.11.2024 08:54:45
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability d...
CVE-2023-44386
- EPSS 0.05%
- Veröffentlicht 05.10.2023 18:15:12
- Zuletzt bearbeitet 21.11.2024 08:25:47
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is f...
CVE-2022-31019
- EPSS 0.11%
- Veröffentlicht 09.06.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:43
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); ...
CVE-2022-31005
- EPSS 0.34%
- Veröffentlicht 31.05.2022 20:15:07
- Zuletzt bearbeitet 21.11.2024 07:03:41
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a work...