Vulnerability Description
Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vapor Project | Vapor | < 4.29.4 |
Related Weaknesses (CWE)
References
- https://github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255 (Patch, Third Party Advisory)
- https://github.com/vapor/vapor/pull/2500 (Third Party Advisory)
- https://github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq (Third Party Advisory)
FAQ
What is CVE-2020-15230?
CVE-2020-15230 is a vulnerability with a CVSS score of 8.5 (HIGH). Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware a...
How severe is CVE-2020-15230?
CVE-2020-15230 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-15230?
Check the references section above for vendor advisories and patch information. Affected products include: Vapor Project Vapor.