Overview
- Description
- Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-231
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E52303C2-AF9E-4F61-86C3-EDD76AD0BB43",
"versionEndExcluding": "4.84.2",
"versionStartIncluding": "4.83.2"
}
],
"operator": "OR"
}
]
}
]