Lucene search
SnykCVELIST:CVE-2021-23597HistoryFeb 11, 2022 - 5:05 p.m.
CVE-2021-23597 Denial of Service (DoS)
2022-02-1117:05:13
snyk
www.cve.org
3
fastify-multipart package
denial of service
cve-2021-23597
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
EPSS
0.002
Percentile
59.3%
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
CNA Affected
[
{
"product": "fastify-multipart",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
github
github
Uncaught Exception in fastify-multipart
2022-02-11 18:57:53
Uncontrolled Resource Consumption in fastify-multipart
2021-05-06 17:28:36
osv
osv
CVE-2021-23597
2022-02-11 17:15:08
Uncaught Exception in fastify-multipart
2022-02-11 18:57:53
CVE-2020-8136
2020-03-20 19:15:12
prion
prion
Design/Logic Flaw
2022-02-11 17:15:00
Cross site request forgery (csrf)
2020-03-20 19:15:00
cve
cve
CVE-2021-23597
2022-02-11 17:15:08
CVE-2020-8136
2020-03-20 19:15:12
nvd
nvd
CVE-2021-23597
2022-02-11 17:15:08
CVE-2020-8136
2020-03-20 19:15:12
veracode
veracode
Denial Of Service (DoS)
2022-02-15 03:35:13
Prototype Pollution
2020-03-02 07:11:01
hackerone
hackerone
Node.js third-party modules: Prototype pollution in multipart parsing
2020-02-25 17:51:30
cvelist
cvelist
CVE-2020-8136
2020-03-20 18:26:21
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
EPSS
0.002
Percentile
59.3%
Related for CVELIST:CVE-2021-23597