CVE-2022-31019: Vapor vulnerable to denial of service in URLEncodedFormDecoder

June 7, 2023

Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder.

References

github.com/advisories/GHSA-qvxg-wjxc-r4gg
github.com/vapor/vapor
github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033
github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg
nvd.nist.gov/vuln/detail/CVE-2022-31019

Detect and mitigate CVE-2022-31019 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →