CVE-2023-44386

MEDIUM

Vapor < 4.84.2 - Denial of Service

Title source: rule

Description

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

References (3)

[Third Party Advisory] https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm

[Patch] https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3

View Patch ZIP pw:eip

[Release Notes] https://github.com/vapor/vapor/releases/tag/4.84.2

Scores

CVSS v3 5.3

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-231 CWE-617 CWE-696

Status published

Products (2)

SwiftURL/github.com/vapor/vapor 4.83.2 - 4.84.2SwiftURL

vapor/vapor 4.83.2 - 4.84.2

Published Oct 05, 2023

Tracked Since Feb 18, 2026