103 matches found
Improper Encoding or Escaping of Output
Overview: vapor/leaf-kit is an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmlEscaped process. An attacker can inject and execute arbitrary scripts in the context ...
leafkit security vulnerability
Leafkit is an open-source application developed by Vapor. It uses Swift to create modular server-side software. Versions of Leafkit prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that htmlEscaped only matched extended character clusters, which could...
EUVD-2024-0412
Malicious code in bioql PyPI...
EUVD-2023-1889
Malicious code in bioql PyPI...
EUVD-2023-2631
Malicious code in bioql PyPI...
EUVD-2023-1801
Malicious code in bioql PyPI...
EUVD-2023-1859
Malicious code in bioql PyPI...
EUVD-2023-1891
Malicious code in bioql PyPI...
EUVD-2023-1872
Malicious code in bioql PyPI...
MAL-2025-8801 Malicious code in @malware-test-musty-meats-dated-vapor/test-mlw3-musty-meats-dated-vapor (npm)
The package @malware-test-musty-meats-dated-vapor/test-mlw3-musty-meats-dated-vapor was found to contain malicious code...
Malicious code in @malware-test-musty-meats-dated-vapor/test-mlw3-musty-meats-dated-vapor (npm)
The package @malware-test-musty-meats-dated-vapor/test-mlw3-musty-meats-dated-vapor was found to contain malicious code...
MAL-2025-9047 Malicious code in @malware-test-vapor-masty-zeros-matte/test-mlw3-vapor-masty-zeros-matte (npm)
The package @malware-test-vapor-masty-zeros-matte/test-mlw3-vapor-masty-zeros-matte was found to contain malicious code...
Malicious code in @malware-test-vapor-masty-zeros-matte/test-mlw3-vapor-masty-zeros-matte (npm)
The package @malware-test-vapor-masty-zeros-matte/test-mlw3-vapor-masty-zeros-matte was found to contain malicious code...
CVE-2024-21631
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
CVE-2021-32742
Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the Data.init(base32Encoded:) function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently...
CVE-2021-21328
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create unlimited...
CVE-2022-31005
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a...
CVE-2022-31019
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$for f in $seq 1100; do echo -n '00array'; donestring0=hello%20world"...
CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4...
GHSA-R6R4-5PR8-GJCP Vapor contains an integer overflow in URI leading to potential host spoofing
Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...