Lucene search

CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts

🗓️ 14 Feb 2023 15:11:04Reported by GitHub_MType

@fastify/multipart DoS vulnerability fix in v7.4.1 and v6.0.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2023-25576	14 Feb 202316:15	–	cve
NVD	CVE-2023-25576	14 Feb 202316:15	–	nvd
OSV	Denial of service due to unlimited number of parts	14 Feb 202321:49	–	osv
OSV	CVE-2023-25576	14 Feb 202316:15	–	osv
Veracode	Denial Of Service (DoS)	15 Feb 202307:37	–	veracode
Prion	Code injection	14 Feb 202316:15	–	prion
Vulnrichment	CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts	14 Feb 202315:04	–	vulnrichment
Github Security Blog	Denial of service due to unlimited number of parts	14 Feb 202321:49	–	github

[
  {
    "vendor": "fastify",
    "product": "fastify-multipart",
    "versions": [
      {
        "version": "< 6.0.1",
        "status": "affected"
      },
      {
        "version": ">= 7.0.0, < 7.4.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1816195
github	www.github.com/fastify/fastify-multipart/releases/tag/v7.4.1
github	www.github.com/fastify/fastify-multipart/commit/85be81bedf5b29cfd9fe3efc30fb5a17173c1297
github	www.github.com/fastify/fastify-multipart/security/advisories/GHSA-hpp2-2cr5-pf6g
github	www.github.com/fastify/fastify-multipart/releases/tag/v6.0.1

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Feb 2023 15:04Current

7.5High risk

Vulners AI Score7.5

CVSS37.5

EPSS0.00298

CWE-770