Vapor 4.61.1: Fix DoS Vulnerability in URLEncodedFormDecoder

We've just fixed a vulnerability in Vapor's URLEncodedFormDecoder where an attacker could send a nested request body causing a stack overflow crash leading to a Denial of Service attack. You can see more details in the blog post or on the security advisory on GitHub.

Thanks to @weissi for reporting!

2 Likes