VYPR
Vendor

Swift

Products
5
CVEs
8
Across products
8
Status
Private

Products

5

Recent CVEs

8
  • CVE-2022-3918Jan 20, 2023
    risk 0.00cvss epss 0.01

    A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via…

  • CVE-2022-3215Sep 28, 2022
    risk 0.00cvss epss 0.01

    NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious…

  • CVE-2022-3252Sep 21, 2022
    risk 0.00cvss epss 0.01

    Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the…

  • CVE-2022-1642Jun 16, 2022
    risk 0.00cvss epss 0.01

    A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the…

  • CVE-2020-23038Oct 22, 2021
    risk 0.00cvss epss 0.03

    Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.

  • CVE-2020-9861Nov 2, 2020
    risk 0.00cvss epss 0.01

    A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.

  • CVE-2020-9840May 11, 2020
    risk 0.00cvss epss 0.01

    In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.

  • CVE-2018-16386Jul 5, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing…