CVE-2019-15605: SwiftNIO: HTTP request smuggling using malformed Transfer-Encoding header

SwiftNIO before 2.13.1 (and SwiftNIO 1 before 1.14.2) are vulnerable to CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.

Please make sure you immediately upgrade to SwiftNIO >= 2.13.1 (or >= 1.14.2 for SwiftNIO 1).

For more information about this vulnerability:

Again, we'd like to thank ZeddYu Lu for his prompt reporting of the issue to us.

And apologies for the delayed post in this category which happened because we were under the impression that we should get a specific CVE number for SwiftNIO instead of sharing the Node.js CVE. We were advised to re-use Node.js's CVE number because it's the same vulnerability in the same codebase.

Terms of Service

Privacy Policy

Cookie Policy