{"id":"CVE-2021-32742","details":"Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impact applications that use the impacted function directly or through other dependencies. The vulnerability is patched in version 4.47.2. As a workaround, one may use an alternative to Vapor's built-in `Data.init(base32Encoded:)`.","aliases":["GHSA-pqwh-c2f3-vxmq"],"modified":"2026-04-12T03:26:59.692206Z","published":"2021-07-09T14:15:07.987Z","related":["GHSA-pqwh-c2f3-vxmq"],"references":[{"type":"ADVISORY","url":"https://github.com/vapor/vapor/releases/tag/4.47.2"},{"type":"ADVISORY","url":"https://github.com/vapor/vapor/security/advisories/GHSA-pqwh-c2f3-vxmq"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vapor/vapor","events":[{"introduced":"0"},{"fixed":"f94f0bff47c1c07df6e404e889f5c71c4270a9ea"}],"database_specific":{"cpe":"cpe:2.3:a:vapor_project:vapor:*:*:*:*:*:swift:*:*","extracted_events":[{"introduced":"0"},{"fixed":"4.47.2"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["0.1.6","0.1.7","0.1.8","0.1.9","0.10.0","0.11.0","0.11.1","0.12.0","0.12.1","0.12.2","0.12.3","0.13.0","0.14.0","0.15.0","0.15.1","0.15.2","0.15.3","0.16.0","0.16.1","0.16.2","0.17.0","0.17.1","0.17.2","0.18.0","0.2.0","0.2.1","0.2.10","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.4.0","0.4.1","0.4.2","0.5.0","0.5.1","0.5.2","0.5.3","0.6.0","0.7.0","0.7.1","0.8.0","0.8.1","0.8.2","0.9.0","0.9.1","0.9.2","1.0.0","1.0.1","1.0.2","1.0.3","1.1.0","1.1.1","1.1.10","1.1.11","1.1.12","1.1.13","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.3.0","1.3.1","1.3.10","1.3.11","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","2.0.0","2.0.0-alpha.1","2.0.0-alpha.14","2.0.0-alpha.15","2.0.0-alpha.16","2.0.0-alpha.17","2.0.0-alpha.18","2.0.0-alpha.19","2.0.0-alpha.20","2.0.0-alpha.21","2.0.0-alpha.22","2.0.0-alpha.23","2.0.0-alpha.24","2.0.0-beta.1","2.0.0-beta.10","2.0.0-beta.12","2.0.0-beta.13","2.0.0-beta.14","2.0.0-beta.15","2.0.0-beta.16","2.0.0-beta.17","2.0.0-beta.18","2.0.0-beta.19","2.0.0-beta.2","2.0.0-beta.20","2.0.0-beta.21","2.0.0-beta.22","2.0.0-beta.23","2.0.0-beta.24","2.0.0-beta.25","2.0.0-beta.26","2.0.0-beta.3","2.0.0-beta.4","2.0.0-beta.5","2.0.0-beta.6","2.0.0-beta.7","2.0.0-beta.8","2.0.0-beta.9","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.2.1","2.2.2","2.3.0","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","3.0.0","3.0.0-rc.1","3.0.0-rc.1.1","3.0.0-rc.2","3.0.0-rc.2.0.1","3.0.0-rc.2.0.2","3.0.0-rc.2.1","3.0.0-rc.2.2","3.0.0-rc.2.2.1","3.0.0-rc.2.2.2","3.0.0-rc.2.2.3","3.0.0-rc.2.2.4","3.0.0-rc.2.3","3.0.0-rc.2.4","3.0.0-rc.2.4.1","3.0.0-rc.2.5","3.0.0-rc.2.6","3.0.0-rc.2.7","3.0.0-rc.2.8","3.0.0-rc.2.8.1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.1.0","3.1.1","3.1.2","3.1.3","4.0.0","4.0.0-alpha.1","4.0.0-alpha.1.1","4.0.0-alpha.1.2","4.0.0-alpha.1.3","4.0.0-alpha.1.4","4.0.0-alpha.1.5","4.0.0-alpha.1.5.1","4.0.0-alpha.2","4.0.0-alpha.2.1","4.0.0-alpha.3","4.0.0-alpha.3.1","4.0.0-alpha.3.1.1","4.0.0-alpha.3.2","4.0.0-beta.1","4.0.0-beta.2","4.0.0-beta.2.1","4.0.0-beta.3","4.0.0-beta.3.1","4.0.0-beta.3.10","4.0.0-beta.3.11","4.0.0-beta.3.12","4.0.0-beta.3.16","4.0.0-beta.3.17","4.0.0-beta.3.18","4.0.0-beta.3.19","4.0.0-beta.3.2","4.0.0-beta.3.20","4.0.0-beta.3.21","4.0.0-beta.3.22","4.0.0-beta.3.23","4.0.0-beta.3.24","4.0.0-beta.3.25","4.0.0-beta.3.3","4.0.0-beta.3.4","4.0.0-beta.3.5","4.0.0-beta.3.6","4.0.0-beta.3.7","4.0.0-beta.3.8","4.0.0-beta.3.9","4.0.0-beta.4","4.0.0-beta.4.1","4.0.0-beta.4.2","4.0.0-rc.1","4.0.0-rc.1.1","4.0.0-rc.1.2","4.0.0-rc.1.3","4.0.0-rc.2","4.0.0-rc.2.1","4.0.0-rc.2.2","4.0.0-rc.2.3","4.0.0-rc.2.4","4.0.0-rc.2.5","4.0.0-rc.3","4.0.0-rc.3.1","4.0.0-rc.3.10","4.0.0-rc.3.11","4.0.0-rc.3.12","4.0.0-rc.3.2","4.0.0-rc.3.3","4.0.0-rc.3.4","4.0.0-rc.3.5","4.0.0-rc.3.6","4.0.0-rc.3.7","4.0.0-rc.3.8","4.0.0-rc.3.9","4.0.1","4.0.2","4.1.0","4.10.0","4.10.1","4.10.2","4.10.3","4.11.0","4.11.1","4.12.0","4.12.1","4.13.0","4.13.1","4.14.0","4.15.0","4.15.1","4.15.2","4.16.0","4.17.0","4.18.0","4.19.0","4.2.0","4.2.1","4.20.0","4.20.1","4.21.0","4.22.0","4.23.0","4.24.0","4.25.0","4.26.0","4.26.1","4.26.2","4.27.0","4.27.1","4.27.2","4.27.3","4.28.0","4.29.0","4.29.1","4.29.2","4.29.3","4.29.4","4.3.0","4.3.1","4.30.0","4.31.0","4.32.0","4.32.1","4.33.0","4.34.0","4.34.1","4.35.0","4.36.0","4.36.1","4.36.2","4.37.0","4.37.1","4.37.2","4.38.0","4.39.0","4.39.1","4.39.2","4.4.0","4.4.1","4.40.0","4.40.1","4.41.0","4.41.1","4.41.10","4.41.11","4.41.2","4.41.3","4.41.4","4.41.5","4.41.6","4.41.7","4.41.8","4.41.9","4.42.0","4.43.0","4.43.1","4.43.2","4.44.0","4.44.1","4.44.2","4.44.3","4.44.4","4.45.0","4.45.1","4.45.2","4.45.3","4.45.4","4.45.5","4.45.6","4.45.7","4.46.0","4.47.0","4.47.1","4.5.0","4.5.1","4.6.0","4.7.0","4.7.1","4.8.0","4.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32742.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}