Lucene search
China National Vulnerability DatabaseCNVD-2022-86307HistoryNov 24, 2022 - 12:00 a.m.
Fastify cross-site request forgery vulnerability
2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
fastify
node.js
openjs foundation
csrf
vulnerability
content-type
cors
0.001 Low
EPSS
Percentile
44.8%
Fastify is an open source web framework for Node.js from the OpenJS Foundation.Fastify A cross-site request forgery vulnerability exists in Fastify 3.0.0 and later, versions prior to 3.29.4, 4.0.0 and later, and versions prior to 4.10.2, which can be exploited to bypass checks by using the wrong Content-Type. The vulnerability can be exploited to launch cross-site request forgery attacks by using the wrong Content-Type to bypass checks and then bypass CORS protection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fastify fastify >=3.0.0, | lt | 3.29.4 | |
| fastify fastify >=4.0.0, | lt | 4.10.2 |
Related
cve
cve
CVE-2022-41919
2022-11-22 20:15:11
redhatcve
redhatcve
CVE-2022-41919
2023-01-09 20:05:41
prion
prion
Cross site request forgery (csrf)
2022-11-22 20:15:00
osv
osv
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
2022-11-21 22:28:11
CVE-2022-41919
2022-11-22 20:15:11
github
github
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
2022-11-21 22:28:11
nvd
nvd
CVE-2022-41919
2022-11-22 20:15:11
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-11-24 02:18:22
cvelist
cvelist