fastify fastify vulnerabilities and exploits
4
CVSSv2
CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
Fastify Fastify 2.14.1
Fastify Fastify 3.0.0
NA
CVE-2022-41919
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "...
Fastify Fastify
5
CVSSv2
CVE-2018-3711
Fastify node module prior to 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.
Fastify Fastify
NA
CVE-2022-39288
fastify is a fast and low overhead web framework for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has...
Fastify Fastify
4.3
CVSSv2
CVE-2021-29624
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf before 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"...
Fastify Fastify-csrf
5
CVSSv2
CVE-2021-23597
This affects the package fastify-multipart prior to 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Fastify Fastify-multipart
6.8
CVSSv2
CVE-2020-28482
This affects the package fastify-csrf prior to 3.0.0.
1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: `cookieOpts: { path: '/', sameSite: true }`
2. The CSRF token was available in the GET query parameter
Fastify Fastify-csrf
5.8
CVSSv2
CVE-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote malicious users to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applica...
Fastify Fastify-static
6.8
CVSSv2
CVE-2021-22964
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote malicious users to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A...
Fastify Fastify-static
5
CVSSv2
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows a malicious user to crash fastify applications parsing multipart requests by sending a specially crafted request.
Fastify Fastify-multipart