Infinite loop Affecting swift package, versions [2.35.1,]


Severity

high

CVSS assessment by Snyk's Security Team.

Threat Intelligence

EPSS
0.32% (24th percentile)

  • Snyk ID: SNYK-PYTHON-SWIFT-17675135
  • published: 29 Jun 2026
  • disclosed: 27 May 2026
  • credit: Unknown

Introduced: 27 May 2026

CVE-2026-49017
CWE-835

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

swift is an OpenStack Object Storage

Affected versions of this package are vulnerable to Infinite loop via the StreamingInput process. An attacker can cause proxy-server workers to become permanently unresponsive and exhaust system resources by sending specially crafted, truncated aws-chunked PUT requests to the s3api middleware.

Workaround

This vulnerability can be mitigated by disabling the s3api middleware in the Swift proxy server configuration if S3 API compatibility is not required.
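
To confirm the workaround is in effect, the added example below (not code from Snyk or the Swift project) checks whether a proxy-server configuration still loads s3api in its active pipeline. It assumes the usual paste-deploy layout with a `[pipeline:main]` section and the `egg:swift#s3api` entry point; the sample configuration and the `s3compat` alias are constructed for illustration.

```python
import configparser

S3API_ENTRY_POINT = "egg:swift#s3api"

# Constructed sample proxy-server.conf (not taken from the advisory).
# The filter alias "s3compat" is hypothetical: section names are arbitrary.
SAMPLE_EXPOSED = """\
[DEFAULT]
bind_port = 8080

[pipeline:main]
pipeline = catch_errors proxy-logging cache s3compat tempauth proxy-logging proxy-server

[filter:s3compat]
use = egg:swift#s3api

[filter:tempauth]
use = egg:swift#tempauth

[app:proxy-server]
use = egg:swift#proxy
"""

# Same file with the filter dropped from the pipeline; its section remains.
SAMPLE_MITIGATED = SAMPLE_EXPOSED.replace(" s3compat tempauth", " tempauth")


def s3api_filters_in_pipeline(conf_text, pipeline="main"):
    """Return the pipeline entries that resolve to the s3api middleware."""
    # Interpolation is disabled because paste-deploy values may contain '%'.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    section = f"pipeline:{pipeline}"
    if not cp.has_section(section):
        raise ValueError(f"no [{section}] section found")
    active = []
    for name in cp.get(section, "pipeline").split():
        fsec = f"filter:{name}"
        # Resolve each alias to its entry point instead of trusting its name.
        use = cp.get(fsec, "use", fallback="") if cp.has_section(fsec) else ""
        if use.replace(" ", "").lower() == S3API_ENTRY_POINT:
            active.append(name)
    return active
```

An empty result means s3api is not in the request path, even if a leftover `[filter:...]` section for it is still defined in the file.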
