Improper Handling of Exceptional Conditions Affecting github.com/vapor/vapor package, versions >=4.83.2 <4.84.2


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.09% (41st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SWIFT-VAPORVAPOR-5950373
  • published8 Oct 2023
  • disclosed5 Oct 2023
  • creditt0rchwo0d

Introduced: 5 Oct 2023

CVE-2023-44386  (opens in a new tab)
CWE-231  (opens in a new tab)

How to fix?

Upgrade vapor/vapor to version 4.84.2 or higher.

Overview

vapor/vapor is an a server-side Swift HTTP web framework.

Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to the incorrect handling of HTTP 1.x request parsing errors, an attacker can trigger a precondition failure in swift-nio by misusing the API, causing an immediate termination of the server process.

CVSS Scores

version 3.1