HIGH🇵🇱 Wersja polska

CVE-2022-31005

CVSS 7.5v3.1pub. 2022-05-31upd. 2024-11-21

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Vapor

    APP
    Vapor
    < 4.60.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-31019HIGH7.5ten sam produkt

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a...

CVE-2024-21631MEDIUM6.5ten sam produkt

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function us...

CVE-2023-44386MEDIUM5.3ten sam produkt

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of af...

CVE-2021-37634HIGH7.4ten sam vendor

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-...

CVE-2026-28499MEDIUM6.9ten sam vendor

LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't wo...