Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 26/02/2021 Updated: 05/03/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vapor project vapor

CWE-400 https://github.com/vapor/vapor/commit/e3aa712508db2854ac0ab905696c65fd88fa7e23 https://github.com/vapor/vapor/releases/tag/4.40.1 https://github.com/vapor/vapor/security/advisories/GHSA-gcj9-jj38-hwmc https://vapor.codes/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-21328

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect