Vapor Project Vapor vulnerabilities

CVE-2021-32742 [CRITICAL] CWE-502 CVE-2021-32742: Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encode Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impact a

CVE-2021-21328 [MEDIUM] CWE-400 CVE-2021-21328: Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against an Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the sy

CVE-2020-15230 [MEDIUM] CWE-22 CVE-2020-15230: Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arb Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.