Vapor 4.47.2: Fix for potentially exposing server memory and/or crash upon decoding invalid base32 data

In Vapor versions before 4.47.2 there was a potential for accessing arbitrary server memory when decoding invalid base32 data.

If your application (or one of your dependencies) uses Data.init(base32Encoded:) you should update to 4.47.2.

For more information, see the Security Advisory on GitHub. This issue has been assigned CVE-2021-32742.

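One way to check a project against this announcement, as an added example that is not part of the original post or of Vapor's code: it reads the Vapor version pinned in `Package.resolved`, compares it with 4.47.2, and looks for the `base32Encoded:` argument label in Swift source. The function names and the sample inputs are constructed for illustration, and the `Package.resolved` layouts handled are the SwiftPM v1 and v2 formats.

```python
import json
import re

FIXED = (4, 47, 2)  # first fixed Vapor release, per the announcement


def pinned_vapor_version(resolved_text):
    """Return Vapor's pinned version string from Package.resolved, or None."""
    doc = json.loads(resolved_text)
    # Format v1 nests pins under "object" and names them with "package";
    # format v2 keeps pins at top level and names them with "identity".
    pins = doc.get("pins") or doc.get("object", {}).get("pins", [])
    for pin in pins:
        name = (pin.get("identity") or pin.get("package") or "").lower()
        if name == "vapor":
            return pin.get("state", {}).get("version")
    return None


def is_affected(version):
    """True if older than 4.47.2; None if the pin has no comparable version."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        return None  # branch or revision pin: needs a manual check
    return tuple(int(p) for p in m.groups()) < FIXED


def uses_base32_decoding(swift_source):
    """Detect the Data(base32Encoded:) / Data.init(base32Encoded:) label."""
    return re.search(r"\bbase32Encoded\s*:", swift_source) is not None


# Constructed sample inputs (not taken from a real project).
SAMPLE_RESOLVED = """{
  "pins": [
    {"identity": "vapor", "kind": "remoteSourceControl",
     "location": "https://github.com/vapor/vapor.git",
     "state": {"revision": "<placeholder>", "version": "4.47.1"}}
  ],
  "version": 2
}"""
SAMPLE_SWIFT = "let decoded = Data(base32Encoded: userInput)"

if __name__ == "__main__":
    version = pinned_vapor_version(SAMPLE_RESOLVED)
    print("pinned:", version, "affected:", is_affected(version))
    print("calls base32 decoder:", uses_base32_decoding(SAMPLE_SWIFT))
```

Because the announcement also covers dependencies, run the source check over `.build/checkouts` as well as your own targets.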