In Vapor versions before 4.47.2 there was a potential for accessing arbitrary server memory when decoding invalid base32 data.
If your application (or one of your dependencies) uses
Data.init(base32Encoded:) you should update to 4.47.2.
For more information, see the Security Advisory on Github. This issue has been assigned the CVE-2021-32742.