Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fastify fastify vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
Fastify Fastify 2.14.1
Fastify Fastify 3.0.0
8.8
CVSSv3
CVE-2022-41919
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "...
Fastify Fastify
7.5
CVSSv3
CVE-2022-39288
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has...
Fastify Fastify
7.5
CVSSv3
CVE-2018-3711
Fastify node module prior to 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.
Fastify Fastify
8.8
CVSSv3
CVE-2020-28482
This affects the package fastify-csrf prior to 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter
Fastify Fastify-csrf
7.5
CVSSv3
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an malicious user to crash fastify applications parsing multipart requests by sending a specially crafted request.
Fastify Fastify-multipart
8.8
CVSSv3
CVE-2021-22964
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote malicious users to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A...
Fastify Fastify-static
6.1
CVSSv3
CVE-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote malicious users to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applica...
Fastify Fastify-static
7.5
CVSSv3
CVE-2023-25576
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body pa...
Fastify Fastify-multipart
7.5
CVSSv3
CVE-2021-23597
This affects the package fastify-multipart prior to 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Fastify Fastify-multipart
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »