5 matches found
EUVD-2023-1889
Malicious code in bioql PyPI...
CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4...
GHSA-VCVG-XGR8-P5GQ Arbitrary file read using percent-encoded relative paths in FileMiddleware
Impact Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware. Patches Version 4.29.4 Workarounds Upgrade to 4.24.4 or later, or disable FileMiddleware. References Introduced in https://github.com/vapor/vapor/pull/2223 Fixed by...
Vapor Path Traversal Vulnerability
vapor is a Swift web development framework for individual developers. Can be used to develop high-performance Web applications , support for iOS, OS X and Ubuntu systems. A security vulnerability exists in versions of Vapor prior to 4.29.4, which can be exploited by an attacker to access data in ...
PT-2020-14296 · Vapor · Vapor
Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.29.4 Description: Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware. This issue affects applications that use FileMiddleware. Recommendations: For version...