GHSA-vj2m-9f5j-mpr5

Source
https://github.com/advisories/GHSA-vj2m-9f5j-mpr5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-vj2m-9f5j-mpr5/GHSA-vj2m-9f5j-mpr5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vj2m-9f5j-mpr5
Published
2023-06-07T16:26:25Z
Modified
2023-11-08T04:09:22.231810Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Details

Vapor is an HTTP web framework for Swift. Middleware is a logic chain between the client and a Vapor route handler, and FileMiddleware serves assets from a project's Public folder to the client.

Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow when given invalid range headers while using FileMiddleware. This is patched in 4.60.3.

Database specific
{
    "nvd_published_at": "2022-05-31T20:15:00Z",
    "cwe_ids": [
        "CWE-190"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-07T16:26:25Z"
}

Affected packages

SwiftURL / github.com/vapor/vapor

Package

Name
github.com/vapor/vapor
Purl
pkg:swift/github.com/vapor/vapor

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.60.3