Swift
Products (5)
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3918 | | | 0.00 | — | 0.01 | | Jan 20, 2023 | A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via… |
| CVE-2022-3215 | | | 0.00 | — | 0.01 | | Sep 28, 2022 | NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious… |
| CVE-2022-3252 | | | 0.00 | — | 0.01 | | Sep 21, 2022 | Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the… |
| CVE-2022-1642 | | | 0.00 | — | 0.01 | | Jun 16, 2022 | A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the… |
| CVE-2020-23038 | | | 0.00 | — | 0.03 | | Oct 22, 2021 | Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. |
| CVE-2020-9861 | | | 0.00 | — | 0.01 | | Nov 2, 2020 | A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. |
| CVE-2020-9840 | | | 0.00 | — | 0.01 | | May 11, 2020 | In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. |
| CVE-2018-16386 | | | 0.00 | — | 0.01 | | Jul 5, 2019 | An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing… |