HIGH🇵🇱 Wersja polska

CVE-2022-31019

CVSS 7.5v3.1pub. 2022-06-09upd. 2024-11-21

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Vapor

    APP
    Vapor
    < 4.61.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-31005HIGH7.5ten sam produkt

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled a...

CVE-2024-21631MEDIUM6.5ten sam produkt

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function us...

CVE-2023-44386MEDIUM5.3ten sam produkt

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of af...

CVE-2021-37634HIGH7.4ten sam vendor

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-...

CVE-2026-28499MEDIUM6.9ten sam vendor

LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't wo...