3 matches found
CVE-2022-31019
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$for f in $seq 1100; do echo -n '00array'; donestring0=hello%20world"...
CVE-2022-31019 DoS Vulnerability in URLEncodedFormDecoder in Vapor
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$for f in $seq 1100; do echo -n '00array'; donestring0=hello%20world"...
CVE-2022-31019
Vapor (Swift) contains a DoS in URLEncodedFormDecoder used during automatic content decoding. The vulnerability arises from unbounded attacker-controlled stack growth in decoding requests, potentially causing a stack overflow and server crash. It affects Vapor versions prior to 4.61.1. The adviso...