Vulnerability Details CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 8.5
CVSS v2 Score 4.0
References
- https://github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255
- https://github.com/vapor/vapor/pull/2500
- https://github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq
- https://github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255
- https://github.com/vapor/vapor/pull/2500
- https://github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq
Products affected by CVE-2020-15230
-
cpe:2.3:a:vapor_project:vapor:*