Description
Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq
Third Party Advisory x_refsource_misc
https://github.com/vapor/vapor/pull/2500
Patch, Third Party Advisory x_refsource_misc
https://github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255
Scores
CVSS v3
8.5
EPSS
0.0153
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (2)
SwiftURL / github.com/vapor/vapor
4.0.0-rc.2.5 - 4.29.4 (SwiftURL)
vapor_project/vapor
< 4.29.4
Published
Oct 02, 2020
Tracked Since
Feb 18, 2026