Fabian Fett

2 exploits Active since May 2023
CVE-2023-31136 LOW WRITEUP
PostgresNIO <1.14.2 - Info Disclosure
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.
CVSS 3.7
CVE-2024-28867 MEDIUM WRITEUP
Apple Swift Prometheus < 2.0.0-alpha.2 - Injection
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing "bogus" metrics. This vulnerability is fixed in 2.0.0-alpha.2.
CVSS 5.9