Vulmon
fastify fastify vulnerabilities and exploits
356
VMScore
CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
Fastify Fastify 2.14.1
Fastify Fastify 3.0.0
NA
CVE-2022-41919
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "...
Fastify Fastify
445
VMScore
CVE-2018-3711
Fastify node module prior to 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.
Fastify Fastify
NA
CVE-2022-39288
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has...
Fastify Fastify
445
VMScore
CVE-2021-23597
This affects the package fastify-multipart prior to 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Fastify Fastify-multipart
383
VMScore
CVE-2021-29624
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf before 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"...
Fastify Fastify-csrf
NA
CVE-2023-25576
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body pa...
Fastify Fastify-multipart
516
VMScore
CVE-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote malicious users to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applica...
Fastify Fastify-static
605
VMScore
CVE-2020-28482
This affects the package fastify-csrf prior to 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: `cookieOpts: { path: '/', sameSite: true }` 2. The CSRF token was available in the GET query parameter
Fastify Fastify-csrf
445
VMScore
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows a malicious user to crash fastify applications parsing multipart requests by sending a specially crafted request.
Fastify Fastify-multipart