3 matches found
@amedia/brick-mcp (>=0.0.0-vBRAND-20260313141110 <=1.0.3), @area15/ticket-component (=0.1.0) +170 more potentially affected by CVE-2025-32442 +1 more via fastify (>=5.3.2 <=5.8.4)
fastify NPM version =5.3.2, =0.0.0-vBRAND-20260313141110, =2.0.1, =1.1.1, =0.6.2, =0.1.1, =0.1.1, =0.6.0, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =0.1.0, =0.8.2 and more Source cves: CVE-2025-32442, CVE-2026-33806 Source advisory: OSV:GHSA-247C-9743-5963...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...