30 matches found

vulnersOsv
added 2025/04/18 3:2 p.m., 10 views

@andesite-lab/andesite-core (=1.60.2), @bechara/crux (>=6.0.0 <=6.6.2) +139 more potentially affected by CVE-2025-32442 via fastify (>=5.0.0 <=5.3.1)

fastify NPM version =5.0.0, =6.0.0, =0.2.305, =1.0.6, =1.0.11, =1.9.4, =2.0.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.8.3 - @citrineos/ocpi-base =2.0.1 - @citrineos/ocpi-cdrs =2.0.1 and more Source cves: CVE-2025-32442 Source advisory: OSV:GHSA-MG2H-6X62-WPWC...

7.5 CVSS, 7.2 AI score, 0.00635 EPSS
Exploits: 1

vulnersOsv
added 2025/04/18 3:2 p.m., 9 views

@chainlink/external-adapter-framework (>=1.7.5 <=1.7.7), @intuned/runtime (=1.3.15) +89 more potentially affected by CVE-2025-32442 via fastify (=4.29.0)

fastify NPM version =4.29.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastify and may be impacted: - @chainlink/external-adapter-framework =1.7.5, =1.3.14-ts-runtime-helpers, =0.0.0-a2a-20250421213654, =3.26.12-beta.2, =0.0.2, =0.3.23, =1.1.26,...

7.5 CVSS, 7.1 AI score, 0.00635 EPSS
Exploits: 1

Positive Technologies
added 2025/04/18 12:0 a.m., 3 views

PT-2025-17315

Name of the Vulnerable Software and Affected Versions:
Fastify versions 4.29.0 through 5.3.1
Fastify version 4.9.0

Description: Fastify is a fast, low overhead web framework for Node.js. Applications specifying different validation strategies for different content types may bypass validation by...

7.5 CVSS, 7 AI score, 0.00635 EPSS
Exploits: 1, References: 23

CNNVD
added 2025/04/18 12:0 a.m., 8 views

Fastify Security Vulnerability

Fastify is a web framework from Fastify open source. A security vulnerability exists in Fastify versions 5.0.0 through 5.3.0 that stems from a possible bypass of content type validation...

7.5 CVSS, 7.4 AI score, 0.00635 EPSS
Exploits: 1, References: 6

Vulnrichment
added 2022/11/22 12:0 a.m., 4 views

CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

4.2 CVSS, 8.7 AI score, 0.00369 EPSS
Exploits: 0, References: 3

vulnersOsv
added 2022/11/21 10:28 p.m., 6 views

@aeppic/install-build-server (>=1.2.0 <=1.9.8), @aeppic/install-repository-server (>=1.2.2 <=2.0.2) +141 more potentially affected by CVE-2022-41919 via fastify (>=3.0.0 <=3.29.3)

fastify NPM version =3.0.0, =1.2.0, =1.2.2, =0.0.68, =0.0.5, =1.0.0, =2.0.0, =1.1.1, =1.0.0, =1.0.0, =1.0.0, =4.23.1, =2.7.0, =1.0.0, =1.3.0 - @bronosorg/graph-indexer-service =1.0.0 and more Source cves: CVE-2022-41919 Source advisory: OSV:GHSA-3FJJ-P79J-C9HH...

8.8 CVSS, 7.2 AI score, 0.00369 EPSS
Exploits: 0

vulnersOsv
added 2022/10/11 1:45 p.m., 6 views

03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +2534 more potentially affected by CVE-2022-39288 via fastify (>=4.0.2 <=4.7.0)

fastify NPM version =4.0.2, =1.0.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =2.0.0, =3.0.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2022-39288 Source advisory: OSV:GHSA-455W-C45V-86RG...

7.5 CVSS, 7.2 AI score, 0.59244 EPSS
Exploits: 0

CNNVD
added 2022/10/10 12:0 a.m., 27 views

Fastify Code Issue Vulnerability

Fastify is an open source Web framework for Node.js from the Openjs Foundation. A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...

7.5 CVSS, 6.7 AI score, 0.59244 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2022/10/10 12:0 a.m., 4 views

CVE-2022-39288 Denial of service in Fastify via Content-Type header

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...

7.5 CVSS, 7.4 AI score, 0.59244 EPSS
Exploits: 0, References: 3

vulnersOsv
added 2020/08/05 2:53 p.m., 5 views

46c-sector (>=1.0.0 <=1.2.1), @agentframework/cli (>=0.9.6 <=0.11.1) +186 more potentially affected by CVE-2020-8192 via fastify (>=0.21.0 <=2.15.0)

fastify NPM version =0.21.0, =1.0.0, =0.9.6, =0.3.0, =2.0.0, =6.3.1, =1.0.0, =0.1.0, =0.0.1, =1.0.0-alpha.9, =1.0.0-alpha.1, =0.0.3, =1.1.3, =1.2.1 - @gyrfalcon/nuxt =1.0.0 and more Source cves: CVE-2020-8192 Source advisory: OSV:GHSA-XW5P-HW6R-2J98...

6.5 CVSS, 6.5 AI score, 0.01157 EPSS
Exploits: 1