CVE-2023-44386

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
GitHub_MCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
vaporvapor
4.83.2 ≤
𝑥
< 4.84.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3
https://github.com/vapor/vapor/releases/tag/4.84.2
https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm
https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3
https://github.com/vapor/vapor/releases/tag/4.84.2
https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm