CVE-2020-9840: SwiftNIO Extras: Denial of Service Vulnerability in NIOHTTPRequest/ResponseDecompressor

SwiftNIO Extras in the version range 1.3.0 ... 1.4.0 is affected by a Denial of Service security vulnerability in the NIOHTTPCompression component. Specifically, the NIOHTTPRequest/ResponseDecompressor handlers are affected when used with the .size(...) decompression limit. The vulnerability has been fixed in SwiftNIO Extras 1.4.1.

So please make sure to update your dependency to 1.4.1 or newer. For example:

.package(url: "https://github.com/apple/swift-nio-extras.git", from: "1.4.1")

For more details about the vulnerability see:

Many thanks to @adtrevor for the report of this security vulnerability.
