Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
References
Link | Resource |
---|---|
https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3 | Patch |
https://github.com/vapor/vapor/releases/tag/4.84.2 | Release Notes |
https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm | Third Party Advisory |
Configurations
History
11 Oct 2023, 17:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Vapor vapor
Vapor |
|
CPE | cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://github.com/vapor/vapor/releases/tag/4.84.2 - Release Notes | |
References | (MISC) https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3 - Patch | |
References | (MISC) https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm - Third Party Advisory |
05 Oct 2023, 19:13
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-05 18:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-44386
Mitre link : CVE-2023-44386
CVE.ORG link : CVE-2023-44386
JSON object : View
Products Affected
vapor
- vapor