{"id":"CVE-2021-21328","details":"Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app. The attack vector is as follows: 1. Sending unlimited requests against a Vapor instance with different paths creates unlimited counters and timers, which will eventually drain the system. 2. Downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths to `vapor_route_undefined` to avoid unlimited counters.","aliases":["GHSA-gcj9-jj38-hwmc"],"modified":"2024-05-14T08:17:37.315563Z","published":"2021-02-26T02:15:12Z","references":[{"type":"ADVISORY","url":"https://github.com/vapor/vapor/security/advisories/GHSA-gcj9-jj38-hwmc"},{"type":"FIX","url":"https://github.com/vapor/vapor/commit/e3aa712508db2854ac0ab905696c65fd88fa7e23"},{"type":"WEB","url":"https://github.com/vapor/vapor/releases/tag/4.40.1"},{"type":"WEB","url":"https://vapor.codes/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vapor/vapor","events":[{"introduced":"0"},{"fixed":"e3aa712508db2854ac0ab905696c65fd88fa7e23"}]}],"versions":["0.0.0","0.0.0.0","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.10.0","0.11.0","0.11.1","0.12.0","0.12.1","0.12.2","0.12.3","0.13.0","0.14.0","0.15.0","0.15.1","0.15.2","0.15.3","0.16.0","0.16.1","0.16.2","0.17.0","0.17.1","0.17.2","0.18.0","0.2.0","0.2.1","0.2.10","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.4.0","0.4.1","0.4.2","0.5.0","0.5.1","0.5.2","0.5.3","0.6.0","0.7.0","0.7.1","0.8.0","0.8.1","0.8.2","0.9.0","0.9.1","0.9.2","1.0.0","1.0.1","1.0.2","1.0.3","1.1.0","1.1.1","1.1.10","1.1.11","1.1.12","1.1.13","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5",
"1.3.0","1.3.1","1.3.10","1.3.11","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","2.0.0","2.0.0-alpha.1","2.0.0-alpha.10","2.0.0-alpha.11","2.0.0-alpha.12","2.0.0-alpha.13","2.0.0-alpha.14","2.0.0-alpha.15","2.0.0-alpha.16","2.0.0-alpha.17","2.0.0-alpha.18","2.0.0-alpha.19","2.0.0-alpha.2","2.0.0-alpha.20","2.0.0-alpha.21","2.0.0-alpha.22","2.0.0-alpha.23","2.0.0-alpha.24","2.0.0-alpha.3","2.0.0-alpha.4","2.0.0-alpha.5","2.0.0-alpha.6","2.0.0-alpha.7","2.0.0-alpha.8","2.0.0-alpha.9","2.0.0-beta.1","2.0.0-beta.10","2.0.0-beta.11","2.0.0-beta.12","2.0.0-beta.13","2.0.0-beta.14","2.0.0-beta.15","2.0.0-beta.16","2.0.0-beta.17","2.0.0-beta.18","2.0.0-beta.19","2.0.0-beta.2","2.0.0-beta.20","2.0.0-beta.21","2.0.0-beta.22","2.0.0-beta.23","2.0.0-beta.24","2.0.0-beta.25","2.0.0-beta.26","2.0.0-beta.3","2.0.0-beta.4","2.0.0-beta.5","2.0.0-beta.6","2.0.0-beta.7","2.0.0-beta.8","2.0.0-beta.9","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.2.1","2.2.2","2.3.0","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","3.0.0","3.0.0-alpha.1","3.0.0-alpha.11","3.0.0-alpha.12","3.0.0-alpha.2","3.0.0-alpha.3","3.0.0-alpha.4","3.0.0-alpha.5","3.0.0-alpha.7","3.0.0-alpha.8","3.0.0-alpha.x","3.0.0-beta.0","3.0.0-beta.1","3.0.0-beta.2","3.0.0-beta.3","3.0.0-beta.3.1","3.0.0-beta.3.1.1","3.0.0-beta.3.1.2","3.0.0-beta.3.1.3","3.0.0-beta.4","3.0.0-beta.4.1","3.0.0-rc.1","3.0.0-rc.1.1","3.0.0-rc.2","3.0.0-rc.2.0.1","3.0.0-rc.2.0.2","3.0.0-rc.2.1","3.0.0-rc.2.2","3.0.0-rc.2.2.1","3.0.0-rc.2.2.2","3.0.0-rc.2.2.3","3.0.0-rc.2.2.4","3.0.0-rc.2.3","3.0.0-rc.2.4","3.0.0-rc.2.4.1","3.0.0-rc.2.5","3.0.0-rc.2.6","3.0.0-rc.2.7","3.0.0-rc.2.8","3.0.0-rc.2.8.1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.1.0","3.1.1","3.1.2","3.1.3","4.0.0","4.0.0-alpha.1","4.0.0-alpha.1.1","4.0.0-alpha.1.2","4.0.0-alpha.1.3","4.0.0-alpha.1.4"
,"4.0.0-alpha.1.5","4.0.0-alpha.1.5.1","4.0.0-alpha.2","4.0.0-alpha.2.1","4.0.0-alpha.3","4.0.0-alpha.3.1","4.0.0-alpha.3.1.1","4.0.0-alpha.3.2","4.0.0-beta.1","4.0.0-beta.2","4.0.0-beta.2.1","4.0.0-beta.3","4.0.0-beta.3.1","4.0.0-beta.3.10","4.0.0-beta.3.11","4.0.0-beta.3.12","4.0.0-beta.3.13","4.0.0-beta.3.14","4.0.0-beta.3.15","4.0.0-beta.3.16","4.0.0-beta.3.17","4.0.0-beta.3.18","4.0.0-beta.3.19","4.0.0-beta.3.2","4.0.0-beta.3.20","4.0.0-beta.3.21","4.0.0-beta.3.22","4.0.0-beta.3.23","4.0.0-beta.3.24","4.0.0-beta.3.25","4.0.0-beta.3.3","4.0.0-beta.3.4","4.0.0-beta.3.5","4.0.0-beta.3.6","4.0.0-beta.3.7","4.0.0-beta.3.8","4.0.0-beta.3.9","4.0.0-beta.4","4.0.0-beta.4.1","4.0.0-beta.4.2","4.0.0-rc.1","4.0.0-rc.1.1","4.0.0-rc.1.2","4.0.0-rc.1.3","4.0.0-rc.2","4.0.0-rc.2.1","4.0.0-rc.2.2","4.0.0-rc.2.3","4.0.0-rc.2.4","4.0.0-rc.2.5","4.0.0-rc.3","4.0.0-rc.3.1","4.0.0-rc.3.10","4.0.0-rc.3.11","4.0.0-rc.3.12","4.0.0-rc.3.2","4.0.0-rc.3.3","4.0.0-rc.3.4","4.0.0-rc.3.5","4.0.0-rc.3.6","4.0.0-rc.3.7","4.0.0-rc.3.8","4.0.0-rc.3.9","4.0.1","4.0.2","4.1.0","4.10.0","4.10.1","4.10.2","4.10.3","4.11.0","4.11.1","4.12.0","4.12.1","4.13.0","4.13.1","4.14.0","4.15.0","4.15.1","4.15.2","4.16.0","4.17.0","4.18.0","4.19.0","4.2.0","4.2.1","4.20.0","4.20.1","4.21.0","4.22.0","4.23.0","4.24.0","4.25.0","4.26.0","4.26.1","4.26.2","4.27.0","4.27.1","4.27.2","4.27.3","4.28.0","4.29.0","4.29.1","4.29.2","4.29.3","4.29.4","4.3.0","4.3.1","4.30.0","4.31.0","4.32.0","4.32.1","4.33.0","4.34.0","4.34.1","4.35.0","4.36.0","4.36.1","4.36.2","4.37.0","4.37.1","4.37.2","4.38.0","4.39.0","4.39.1","4.39.2","4.4.0","4.4.1","4.40.0","4.5.0","4.5.1","4.6.0","4.7.0","4.7.1","4.8.0","4.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21328.json"}}],"schema_version":"1.6.0","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}