GHSA-vj2m-9f5j-mpr5

Suggest an improvement
Source
https://github.com/advisories/GHSA-vj2m-9f5j-mpr5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-vj2m-9f5j-mpr5/GHSA-vj2m-9f5j-mpr5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vj2m-9f5j-mpr5
Aliases
Published
2023-06-07T16:26:25Z
Modified
2023-11-08T04:09:22.231810Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Details

Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client.

Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow when given invalid range headers while using FileMiddleware. This is patched in 4.60.3.

References

Affected packages

SwiftURL / github.com/vapor/vapor

Package

Name
github.com/vapor/vapor

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.60.3