CVE-2023-44386
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| vapor | vapor | >= 4.83.2, < 4.84.2 | affected |
Weaknesses
- CWE-231: CWE-231: Improper Handling of Extra Values
- CWE-617: CWE-617: Reachable Assertion
- CWE-696: CWE-696: Incorrect Behavior Order
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm
- https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3
- https://github.com/vapor/vapor/releases/tag/4.84.2
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm
- https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3
- https://github.com/vapor/vapor/releases/tag/4.84.2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.