HIGH🇬🇧 English

CVE-2022-31005

CVSS 7.5v3.1pub. 2022-05-31upd. 2024-11-21

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Vapor

    APP
    Vapor
    < 4.60.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31019HIGH7.5ten sam produkt

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a...

CVE-2024-21631MEDIUM6.5ten sam produkt

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function us...

CVE-2023-44386MEDIUM5.3ten sam produkt

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of af...

CVE-2021-37634HIGH7.4ten sam vendor

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-...

CVE-2026-28499MEDIUM6.9ten sam vendor

LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't wo...