Lucene search

Vapor Project Security Vulnerabilities

cve

CVE-2020-15230

Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.

8.5CVSS

6.4AI Score

0.001EPSS

2020-10-02 07:15 PM

cve

CVE-2021-21328

Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited cou...

5.3CVSS

5.2AI Score

0.002EPSS

2021-02-26 02:15 AM

cve

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the Data.init(base32Encoded:) function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currentl...

9.1CVSS

9.2AI Score

0.002EPSS

2021-07-09 02:15 PM