CVE-2019-8849: SwiftNIO SSL arbitrary code execution vulnerability
(updated )
A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1.
References
- github.com/advisories/GHSA-frg3-gpcx-968f
- github.com/apple/swift-nio-ssl
- github.com/apple/swift-nio-ssl/commit/109faef770994e71b6bafcc015e2e96b88a4af8c
- github.com/apple/swift-nio-ssl/releases/tag/2.4.1
- nvd.nist.gov/vuln/detail/CVE-2019-8849
- security.snyk.io/vuln/SNYK-COCOAPODS-SWIFTNIOSSL-8492737
- support.apple.com/HT210772
Detect and mitigate CVE-2019-8849 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →