641 matches found
CVE-2022-39386
The CVE concerns @fastify/websocket/fastify-websocket: all versions are reported to crash when processing a specific malformed WebSocket packet, causing a Denial of Service. The issue stems from a crash on malformed input, and the module is deprecated with no built-in patches. Patched versions ar...
Fastify Security Vulnerability
Fastify is an open source web framework for Node.js from the OpenJS Foundation. Fastify fastify-websocket suffers from a security vulnerability that originates from an attacker sending it specific packets in the wrong format, which could cause it to crash...
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)
fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...
GHSA-4PCG-WR6C-H9CQ fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Impact: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches: This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds: No...
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Impact: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches: This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds: No...
PT-2022-24945 · Fastify · @Fastify/Websocket
Name of the Vulnerable Software and Affected Versions: fastify-websocket versions prior to 7.1.1 fastify v4 and prior to 5.0.1 fastify v3; @fastify/websocket all versions, deprecated. Description: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. The issu...
Denial Of Service (DoS)
fastify is vulnerable to denial of service. The vulnerability exists because the ContentTypeParser function in contentTypeParser.js does not properly validate the Content-Type header, allowing an attacker to crash the application by providing a malicious content type...
Fastify Denial of Service Vulnerability
Fastify is an open source Web framework for Node.js from the OpenJS Foundation. A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...
03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +2534 more potentially affected by CVE-2022-39288 via fastify (>=4.0.2 <=4.7.0)
fastify NPM version =4.0.2, =1.0.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =2.0.0, =3.0.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2022-39288 Source advisory: OSV:GHSA-455W-C45V-86RG...
GHSA-455W-C45V-86RG fastify vulnerable to denial of service via malicious Content-Type
Impact: An attacker can send an invalid Content-Type header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected. This was updated: upon a close inspection, v3.x is not affected after all. Patches: Yes, update to v4.8.0. Workarounds...
CVE-2022-39288
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...
Design/Logic Flaw
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...
CVE-2022-39288 Denial of service in Fastify via Content-Type header
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...
CVE-2022-39288
CVE-2022-39288 affects the Fastify web framework for Node.js. The vulnerability arises in older Fastify versions (prior to 4.8.1) where a malicious Content-Type header can trigger a denial of service (application crash). The issue is addressed in commit fbb07e8d and the fix is planned for release...
Fastify Code Issue Vulnerability
Fastify is an open source Web framework for Node.js from the OpenJS Foundation. A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...
PT-2022-24871 · Fastify · Fastify
Name of the Vulnerable Software and Affected Versions: fastify versions 4.0.0 through 4.8.0. Description: The issue allows an attacker to send an invalid Content-Type header, potentially causing the application to crash and leading to a denial of service attack. It is estimated that a significant...