2 matches found
CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4...
CVE-2020-15230
Vapor (Swift) vulnerable before 4.29.4 when using FileMiddleware: attackers can read arbitrary files on the same host via path traversal/percent-encoded relative paths, leading to data disclosure. Impact is data exposure with HIGH confidentiality impact per CVSS in sources. Fixed in Vapor 4.29.4;...