641 matches found
GHSA-R4WM-X892-VJMX Nest has a Fastify URL Encoding Middleware Bypass
Impact What kind of vulnerability is it? Who is impacted? A NestJS application using @nestjs/platform-fastify can allow bypass of any middleware when Fastify path-normalization options (e.g., ignoreTrailingSlash, ignoreDuplicateSlashes, useSemicolonDelimiter) are enabled. In affected route-scoped...
Nest has a Fastify URL Encoding Middleware Bypass
Impact What kind of vulnerability is it? Who is impacted? A NestJS application using @nestjs/platform-fastify can allow bypass of any middleware when Fastify path-normalization options (e.g., ignoreTrailingSlash, ignoreDuplicateSlashes, useSemicolonDelimiter) are enabled. In affected route-scoped...
CVE-2026-2293
A flaw was found in NestJS. When a NestJS application uses @nestjs/platform-fastify with Fastify path-normalization options enabled, a remote attacker can exploit this to bypass authentication and authorization middleware. This bypass allows unauthorized access to protected resources, compromisin...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
@andreacioni/saml2-nest-lib (=0.0.7), @apps-in-toss/web-framework (>=2.0.0 <=2.6.1) +223 more potentially affected by CVE-2026-2880 via @fastify/middie (>=8.0.0 <=9.1.0)
@fastify/middie NPM version =8.0.0, =2.0.0, =1.1.6, =1.0.5, =0.2.5, =0.0.6, =0.0.1, =0.0.1, =4.33.5, =2.0.7, =0.0.0-canary-20240602190113, =0.0.0-canary-20240602190113, =0.1.0, =0.7.1 and more Source cves: CVE-2026-2880 Source advisory: OSV:GHSA-8P85-9QPW-FWGW...
EUVD-2026-9049
@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...
GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...
@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...
@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.7.1) +11 more potentially affected by CVE-2026-2880 via @fastify/middie (>=9.0.2 <=9.1.0)
@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-2880 Source advisory: SNYK:JS-FASTIFYMIDDIE-15366397...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
EUVD-2026-9034
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...
Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...
GHSA-7Q64-3RG2-H9PF Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...
CVE-2026-2880
Summary: CVE-2026-2880 concerns a path normalization issue in @fastify/middie (versions
CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
Incorrect Authorization
Overview @nestjs/core is a Nest - modern, fast, powerful node.js web framework @core Affected versions of this package are vulnerable to Incorrect Authorization when Fastify path-normalization options (e.g., ignoreTrailingSlash, ignoreDuplicateSlashes, useSemicolonDelimiter) are enabled. An attacke...
Incorrect Authorization
Overview @nestjs/platform-fastify is a Nest - modern, fast, powerful node.js web framework @platform-fastify Affected versions of this package are vulnerable to Incorrect Authorization when Fastify path-normalization options e.g., ignoreTrailingSlash, ignoreDuplicateSlashes, useSemicolonDelimiter...