Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-F6D1CD0DBCF0AD83CF4DFF5AFDF1F7F6

HistoryJun 07, 2023 - 12:00 a.m.

Vapor vulnerable to denial of service in URLEncodedFormDecoder

2023-06-0700:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

vapor

http web framework

denial of service

urlencodedformdecoder

vulnerability

swift

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

JSON

Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder.

Affected configurations

Vulners

Node

swiftvaporRange<4.61.1

VendorProductVersionCPE
swiftvapor*cpe:2.3:a:swift:vapor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
swift	vapor	*	cpe:2.3:a:swift:vapor::::::::

References

github.com/advisories/GHSA-qvxg-wjxc-r4gg

github.com/vapor/vapor

github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033

github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg

nvd.nist.gov/vuln/detail/CVE-2022-31019

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

JSON

Related for GITLAB-F6D1CD0DBCF0AD83CF4DFF5AFDF1F7F6