32 matches found
EUVD-2023-2631
Malicious code in bioql PyPI...
EUVD-2023-1889
Malicious code in bioql PyPI...
EUVD-2023-1859
Malicious code in bioql PyPI...
EUVD-2023-1801
Malicious code in bioql PyPI...
EUVD-2023-1872
Malicious code in bioql PyPI...
EUVD-2023-1891
Malicious code in bioql PyPI...
CVE-2024-21631
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
CVE-2021-21328
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited...
CVE-2022-31005
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a...
CVE-2022-31019
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$for f in $seq 1100; do echo -n '00array'; donestring0=hello%20world"...
CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4...
Integer Overflow or Wraparound
Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the vaporurlparserparse function. An attacker can spoof the host by padding the port number with zeros, causing an integer overflow when the URL...
CVE-2024-21631 Integer overflow in URI leading to potential host spoofing
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
CVE-2024-21631 Integer overflow in URI leading to potential host spoofing
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
PT-2024-18983 · Vapor · Vapor
Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.90.0 Description: Vapor is an HTTP web framework for Swift. The vapor urlparser parse function uses uint16 t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs...
Vapor Input Validation Error Vulnerability
Vapor is vapor individual developers of a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. A security vulnerability exists in Vapor versions prior to 4.90.0 that stems from the vaporurlparserparse function's us...
Improper Handling of Exceptional Conditions
Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to the incorrect handling of HTTP 1.x request parsing errors, an attacker can trigger a precondition failure in swift-nio by...
Vapor Security Breach
Vapor is vapor individual developers of a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu. A security vulnerability exists in Vapor that stems from a denial of service DoS vulnerability due to a problem encountered...
Denial of Service (DoS)
Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service DoS in Vapor's HTTP Range Request, when FileMiddleware is enabled. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Denial of Service (DoS)
Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service DoS via URLEncodedFormDecoder. When using automatic content decoding, an attacker can craft a request body that can make the server crash. Details Denial of...