Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
References
Link | Resource |
---|---|
https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3 | Patch |
https://github.com/vapor/vapor/releases/tag/4.84.2 | Release Notes |
https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-05T17:41:38.379Z
Updated: 2023-10-05T17:41:38.379Z
Reserved: 2023-09-28T17:56:32.613Z
Link: CVE-2023-44386
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-05T18:15:12.667
Modified: 2023-10-11T17:47:30.137
Link: CVE-2023-44386
JSON object: View
Redhat Information
No data.