Vulnerability Description
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vapor | Vapor | >= 4.83.2, < 4.84.2 |
Related Weaknesses (CWE)
References
- https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3Patch
- https://github.com/vapor/vapor/releases/tag/4.84.2Release Notes
- https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhmThird Party Advisory
- https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3Patch
- https://github.com/vapor/vapor/releases/tag/4.84.2Release Notes
- https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhmThird Party Advisory
FAQ
What is CVE-2023-44386?
CVE-2023-44386 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse error...
How severe is CVE-2023-44386?
CVE-2023-44386 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44386?
Check the references section above for vendor advisories and patch information. Affected products include: Vapor Vapor.