Vapor FileMiddleware Security Vulnerability

We've just released Vapor 4.60.3 which contains a fix for a security vulnerability in Vapor's FileMiddleware. An attacker could crash a Vapor application by sending invalid Range headers under certain scenarios, leading to a Denial of Service attack. This has been designated as CVE-2022-31005.

→ blog.vapor.codes/posts/security-advisory-GHSA-vj2m-9f5j-mpr5/

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds, send me a comment via email, and/or leave a donation in the Tip Jar.

Tags