Vapor HTTP Error Handling Security Vulnerability

We've just released Vapor 4.84.2 which contains a fix for a security vulnerability in Vapor's error handling. An attacker could crash a Vapor application by sending invalid requests, such as a GET request with a body and Content-Length that was incorrect, which under certain scenarios could lead to a Denial of Service attack. This has been designated as CVE-2023-44386.

→ blog.vapor.codes/posts/security-advisory-GHSA-3mwq-h3g6-ffhm/

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds, send me a comment via email, and/or leave a donation in the Tip Jar.

Tags