SNYK-SWIFT-APPLESWIFTNIO-3105797
## Overview

[apple/swift-nio](https://github.com/apple/swift-nio) is a non-blocking, event-driven network application framework for high-performance protocol servers and clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP request smuggling is possible using a malformed `Transfer-Encoding` header.

## Remediation

Upgrade `apple/swift-nio` to version 1.14.2, 2.13.1 or higher.

## References

- [GitHub Commit](https://github.com/nodejs/node/commit/eea3a7429b)
- [HackerOne Report](https://hackerone.com/reports/735748)
- [Snyk Blog](https://snyk.io/blog/node-js-release-fixes-a-critical-http-security-vulnerability/)
- [Swift GitHub Commit](https://github.com/apple/swift-nio/commit/df9390006bce7da1b6273f804d3acbbfdfcc6154)
Timeline
- Feb 6, 2020 CVE Published
- Feb 6, 2020 CVE Updated
References
- https://security.snyk.io/vuln/SNYK-SWIFT-APPLESWIFTNIO-3105797 advisory
- https://github.com/apple/swift-nio technical
- https://github.com/nodejs/node/commit/eea3a7429b patch
- https://hackerone.com/reports/735748 technical
- https://snyk.io/blog/node-js-release-fixes-a-critical-http-security-vulnerability/ technical
- https://github.com/apple/swift-nio/commit/df9390006bce7da1b6273f804d3acbbfdfcc6154 patch