cbcvebase.
CVE-2020-15230
published 2020-10-02

Priority: P3 | 39 | medium | 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.53% (71.6th percentile)

Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | vapor_vapor | >= 4.0.0-rc.2.5 < 4.29.4 | 4.29.4 |
| vapor | vapor | < 4.29.4 | 4.29.4 |
| vapor_project | vapor | < 4.29.4 | 4.29.4 |

CVSS provenance

nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N