Skip to content

Rewrite metrics path and method to undefined for unknown routes

Compare
Choose a tag to compare
@0xTim 0xTim released this 22 Feb 16:21
e3aa712

Fixes an issue where an attacker could perform a denial of service attack against a Vapor application using Metrics. By sending requests to either dynamic paths with values that return a 404 or unknown paths, unlimited counters and timers could be created. This could potentially drain the system and cause knock-on effect on downstream systems.