Vulmon
fastify fastify vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows a malicious user to crash fastify applications parsing multipart requests by sending a specially crafted request.
Fastify Fastify-multipart
7.5
CVSSv3
CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patche...
Fastify Websocket
Fastify Websocket 5.0.0
10
CVSSv3
CVE-2021-21321
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the...
Fastify-reply-from Project Fastify-reply-from
9.8
CVSSv3
CVE-2021-21322
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user e...
Fastify-http-proxy Project Fastify-http-proxy
7.5
CVSSv3
CVE-2022-31142
@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corres...
Fastify Bearer-auth 8.0.0
Fastify Bearer-auth
8.1
CVSSv3
CVE-2023-29019
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to ...
Fastify Passport
6.5
CVSSv3
CVE-2023-29020
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network an...
Fastify Passport
8.8
CVSSv3
CVE-2023-31999
All versions of @fastify/oauth2 used a state parameter that was statically generated at startup time and was used across all requests for all users. The purpose of the OAuth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and shoul...
Fastify Oauth2
7.5
CVSSv3
CVE-2023-51701
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing a header `ContentType: application/json ; charset=utf-8`. This can lead to bypass...
Fastify Reply-from
6.5
CVSSv3
CVE-2023-27495
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @...
Fastify Csrf-protection