
10 matches found

NVD
added 2024/01/03 5:15 p.m., 17 views

CVE-2024-21631

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

6.5 CVSS, 6.5 AI score, 0.00307 EPSS
Exploits 0, References 2
Vulnrichment
added 2024/01/03 4:55 p.m., 22 views

CVE-2024-21631 Integer overflow in URI leading to potential host spoofing

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

6.5 CVSS, 6.9 AI score, 0.00307 EPSS
Exploits 0, References 2
OSV
added 2024/01/03 4:55 p.m., 16 views

CVE-2024-21631 Integer overflow in URI leading to potential host spoofing

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

6.5 CVSS, 6.5 AI score, 0.00307 EPSS
Exploits 0, References 4
CVE
added 2024/01/03 4:55 p.m., 67 views

CVE-2024-21631

CVE-2024-21631 : Vapor’s vapor_urlparser_parse uses 16‑bit indices when parsing URI components, which may overflow for untrusted inputs and enable host spoofing in affected apps that use Vapor’s URI type. This affects versions prior to 4.90.0; 4.90.0 contains a patch. Workarounds include validati...

6.5 CVSS, 6.5 AI score, 0.00307 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2023/10/05 5:41 p.m., 16 views

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

5.3 CVSS, 7 AI score, 0.00052 EPSS
Exploits 0, References 3
Cvelist
added 2023/10/05 5:41 p.m., 19 views

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

5.3 CVSS, 5.4 AI score, 0.00052 EPSS
Exploits 0, References 3
OSV
added 2023/10/05 5:41 p.m., 18 views

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

5.3 CVSS, 5.3 AI score, 0.00052 EPSS
Exploits 0, References 5
Github Security Blog
added 2023/06/07 4:11 p.m., 21 views

Vapor vulnerable to denial of service in URLEncodedFormDecoder

Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder. Impact: When using automatic content decoding, e.g. app.post("foo") { request -> String in let foo = try request.content.decode(Foo.self); return "\(foo)" } An...

7.5 CVSS, 6.6 AI score, 0.00419 EPSS
Exploits 1, References 4, Affected Software 1
GitLab Advisory Database
added 2023/06/07 12:0 a.m., 17 views

Vapor vulnerable to denial of service in URLEncodedFormDecoder

Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder...

7.5 CVSS, 6.6 AI score, 0.00419 EPSS
Exploits 1, References 5, Affected Software 1
Github Security Blog
added 2022/12/27 9:30 p.m., 25 views

Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines

Gin is an HTTP web framework written in Go (Golang). Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...

7.5 CVSS, 7.5 AI score, 0.00475 EPSS
Exploits 1, References 5, Affected Software 1