30 matches found
@andesite-lab/andesite-core (=1.60.2), @bechara/crux (>=6.0.0 <=6.6.2) +139 more potentially affected by CVE-2025-32442 via fastify (>=5.0.0 <=5.3.1)
fastify NPM version =5.0.0, =6.0.0, =0.2.305, =1.0.6, =1.0.11, =1.9.4, =2.0.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.8.3 - @citrineos/ocpi-base =2.0.1 - @citrineos/ocpi-cdrs =2.0.1 and more Source cves: CVE-2025-32442 Source advisory: OSV:GHSA-MG2H-6X62-WPWC...
@chainlink/external-adapter-framework (>=1.7.5 <=1.7.7), @intuned/runtime (=1.3.15) +89 more potentially affected by CVE-2025-32442 via fastify (=4.29.0)
fastify NPM version =4.29.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastify and may be impacted: - @chainlink/external-adapter-framework =1.7.5, =1.3.14-ts-runtime-helpers, =0.0.0-a2a-20250421213654, =3.26.12-beta.2, =0.0.2, =0.3.23, =1.1.26,...
PT-2025-17315
Name of the Vulnerable Software and Affected Versions: Fastify versions 4.29.0 through 5.3.1; Fastify version 4.9.0. Description: Fastify is a fast, low overhead web framework for Node.js. Applications specifying different validation strategies for different content types may bypass validation by...
Fastify security vulnerability
Fastify is an open-source web framework from the Fastify project. A security vulnerability exists in Fastify versions 5.0.0 through 5.3.0 that stems from a possible bypass of content type validation...
CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...
@aeppic/install-build-server (>=1.2.0 <=1.9.8), @aeppic/install-repository-server (>=1.2.2 <=2.0.2) +141 more potentially affected by CVE-2022-41919 via fastify (>=3.0.0 <=3.29.3)
fastify NPM version =3.0.0, =1.2.0, =1.2.2, =0.0.68, =0.0.5, =1.0.0, =2.0.0, =1.1.1, =1.0.0, =1.0.0, =1.0.0, =4.23.1, =2.7.0, =1.0.0, =1.3.0 - @bronosorg/graph-indexer-service =1.0.0 and more Source cves: CVE-2022-41919 Source advisory: OSV:GHSA-3FJJ-P79J-C9HH...
03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +2534 more potentially affected by CVE-2022-39288 via fastify (>=4.0.2 <=4.7.0)
fastify NPM version =4.0.2, =1.0.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =2.0.0, =3.0.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2022-39288 Source advisory: OSV:GHSA-455W-C45V-86RG...
Fastify code issue vulnerability
Fastify is an open source Web framework for Node.js from the OpenJS Foundation. A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...
CVE-2022-39288 Denial of service in Fastify via Content-Type header
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...
46c-sector (>=1.0.0 <=1.2.1), @agentframework/cli (>=0.9.6 <=0.11.1) +186 more potentially affected by CVE-2020-8192 via fastify (>=0.21.0 <=2.15.0)
fastify NPM version =0.21.0, =1.0.0, =0.9.6, =0.3.0, =2.0.0, =6.3.1, =1.0.0, =0.1.0, =0.0.1, =1.0.0-alpha.9, =1.0.0-alpha.1, =0.0.3, =1.1.3, =1.2.1 - @gyrfalcon/nuxt =1.0.0 and more Source cves: CVE-2020-8192 Source advisory: OSV:GHSA-XW5P-HW6R-2J98...