SNYK-COCOAPODS-SWIFTNIOHTTP1-5721881
## Overview [SwiftNIOHTTP1](https://cocoapods.org/pods/SwiftNIOHTTP1) is a cross-platform asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP request smuggling is possible using malformed `Transfer-Encoding` header. ## Remediation Upgrade `SwiftNIOHTTP1` to version 2.13.1 or higher. ## References - [GitHub Commit](https://github.com/nodejs/node/commit/eea3a7429b) - [HackerOne Report](https://hackerone.com/reports/735748) - [Snyk Blog](https://snyk.io/blog/node-js-release-fixes-a-critical-http-security-vulnerability/) - [Swift GitHub Commit](https://github.com/apple/swift-nio/commit/df9390006bce7da1b6273f804d3acbbfdfcc6154)
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 |
Timeline
- Feb 6, 2020 CVE Published
- Feb 6, 2020 CVE Updated
References
- https://security.snyk.io/vuln/SNYK-COCOAPODS-SWIFTNIOHTTP1-5721881 advisory
- https://cocoapods.org/pods/SwiftNIOHTTP1 technical
- https://github.com/nodejs/node/commit/eea3a7429b patch
- https://hackerone.com/reports/735748 technical
- https://snyk.io/blog/node-js-release-fixes-a-critical-http-security-vulnerability/ technical
- https://github.com/apple/swift-nio/commit/df9390006bce7da1b6273f804d3acbbfdfcc6154 patch