CVE-2022-31005

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:03

Type Values Removed Values Added
References () https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 - Patch, Third Party Advisory () https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 - Patch, Third Party Advisory
References () https://github.com/vapor/vapor/releases/tag/4.60.3 - Release Notes, Third Party Advisory () https://github.com/vapor/vapor/releases/tag/4.60.3 - Release Notes, Third Party Advisory
References () https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 - Exploit, Third Party Advisory () https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 - Exploit, Third Party Advisory

10 Jun 2022, 14:22

Type Values Removed Values Added
CPE cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
References (MISC) https://github.com/vapor/vapor/releases/tag/4.60.3 - (MISC) https://github.com/vapor/vapor/releases/tag/4.60.3 - Release Notes, Third Party Advisory
References (MISC) https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 - (MISC) https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 - (CONFIRM) https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5 - Exploit, Third Party Advisory

02 Jun 2022, 14:15

Type Values Removed Values Added
Summary Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

31 May 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-31 20:15

Updated : 2024-11-21 07:03


NVD link : CVE-2022-31005

Mitre link : CVE-2022-31005

CVE.ORG link : CVE-2022-31005


JSON object : View

Products Affected

vapor

  • vapor
CWE
CWE-190

Integer Overflow or Wraparound