Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.
References
Link | Resource |
---|---|
https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 | Patch Third Party Advisory |
https://github.com/vapor/vapor/releases/tag/4.60.3 | Release Notes Third Party Advisory |
https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 | Exploit Third Party Advisory |
https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 | Patch Third Party Advisory |
https://github.com/vapor/vapor/releases/tag/4.60.3 | Release Notes Third Party Advisory |
https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 - Patch, Third Party Advisory | |
References | () https://github.com/vapor/vapor/releases/tag/4.60.3 - Release Notes, Third Party Advisory | |
References | () https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 - Exploit, Third Party Advisory |
10 Jun 2022, 14:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://github.com/vapor/vapor/releases/tag/4.60.3 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 - Exploit, Third Party Advisory |
02 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. |
31 May 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-31 20:15
Updated : 2024-11-21 07:03
NVD link : CVE-2022-31005
Mitre link : CVE-2022-31005
CVE.ORG link : CVE-2022-31005
JSON object : View
Products Affected
vapor
- vapor
CWE
CWE-190
Integer Overflow or Wraparound