CVE-2022-31005

Опубликовано: 31 мая 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

Ссылки

https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1
Patch
Third Party Advisory
https://github.com/vapor/vapor/releases/tag/4.60.3
Release Notes
Third Party Advisory
https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5
Exploit
Third Party Advisory
https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1
Patch
Third Party Advisory
https://github.com/vapor/vapor/releases/tag/4.60.3
Release Notes
Third Party Advisory
https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*

Версия до 4.60.3 (исключая)

EPSS

Процентиль: 70%

0.0062

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-vj2m-9f5j-mpr5