Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues.
This vulnerability can be found in the bundled copy of the Node.js HTTP parser used in the NIOHTTP1 module.
No workaround is available; users must upgrade.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/apple/swift-nio | lt | 2.13.1 |
| | github.com/apple/swift-nio | lt | 1.14.2 |
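An added example, not part of the advisory or of SwiftNIO: a check of a project's `Package.resolved` for swift-nio pins that fall in the affected ranges from the table. It assumes each `lt` row applies to its own major line (1.x and 2.x), and the two sample pin files are constructed here to follow SwiftPM's v1 and v2 `Package.resolved` layouts.

```python
import json

# Fixed releases taken from the version table. Assumption: the "lt 1.14.2" row
# covers the 1.x line (and anything older), the "lt 2.13.1" row covers 2.x.
FIXED_1X = (1, 14, 2)
FIXED_2X = (2, 13, 1)

def parse_version(text):
    """Parse 'X.Y.Z' into an int tuple; any pre-release/build suffix is ignored."""
    core = text.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True when the version is below the fixed release of its major line."""
    v = parse_version(version)
    if v[0] < 2:
        return v < FIXED_1X
    if v[0] == 2:
        return v < FIXED_2X
    return False  # later major lines are not listed in the table

def swift_nio_pins(resolved_text):
    """Yield the pinned version (or None) of each swift-nio entry.
    Handles the v1 layout (object.pins / repositoryURL) and v2 (pins / location)."""
    doc = json.loads(resolved_text)
    pins = doc.get("pins") or doc.get("object", {}).get("pins", [])
    for pin in pins:
        url = (pin.get("location") or pin.get("repositoryURL") or "").lower()
        name = url.rstrip("/").replace(":", "/")
        if name.endswith(".git"):
            name = name[:-4]
        if name.endswith("/apple/swift-nio"):  # does not match swift-nio-ssl etc.
            yield pin.get("state", {}).get("version")

def audit(resolved_text):
    """Return [(version, status)] with status affected / fixed / unpinned."""
    results = []
    for version in swift_nio_pins(resolved_text):
        if version is None:
            status = "unpinned"  # branch or revision pin: compare the commit by hand
        else:
            status = "affected" if is_affected(version) else "fixed"
        results.append((version, status))
    return results

# Constructed sample inputs (not taken from any real project).
SAMPLE_V1 = '{"object": {"pins": [{"package": "swift-nio", "repositoryURL": "https://github.com/apple/swift-nio.git", "state": {"branch": null, "revision": "0000", "version": "2.13.0"}}]}, "version": 1}'
SAMPLE_V2 = '{"pins": [{"identity": "swift-nio", "kind": "remoteSourceControl", "location": "https://github.com/apple/swift-nio.git", "state": {"revision": "0000", "version": "2.13.1"}}], "version": 2}'
```

A pin reported as `unpinned` tracks a branch or bare revision, so its commit has to be compared against the fix commits listed below.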
github.com/advisories/GHSA-mgc4-wqv7-4pxm
github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa
github.com/apple/swift-nio/commit/bfde40cac8eca25ce021552513b20ee23fc6e306
github.com/apple/swift-nio/commit/df9390006bce7da1b6273f804d3acbbfdfcc6154
github.com/apple/swift-nio/commit/f94b22b506e3557cb1b325534fa9bbcd39c90246
github.com/apple/swift-nio/pull/1387
github.com/apple/swift-nio/pull/1388
github.com/apple/swift-nio/security/advisories/GHSA-mgc4-wqv7-4pxm