Fastify: Deny of service via malicious Content-Type

Summary: I found a way to crash a [email protected] server with a single query on a minimal setup. The function ContentTypeParser.getParser do not check properly if the requested content-type parser exists. /lib/contentTypeParser.js:94 javascript ContentTypeParser.prototype.getParser = function...

fastify-bearer-auth vulnerable to Timing Attack Vector

Impact fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack...

GHSA-376V-XGJX-7MFR fastify-bearer-auth vulnerable to Timing Attack Vector

Impact fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack...

Timing Attack

@fastify/bearer-auth is vulnerable to timing attacks. The vulnerability exists because the timingSafeEqual functionality in the compare function of plugin.js does not securely perform a constant-time comparison against the length of the bearer token, allowing an attacker to guess the length of th...

CVE-2022-31142

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

Authorization

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

CVE-2022-31142

The CVE-2022-31142 issue affects the Fastify bearer-auth plugin. Vulnerable releases are @fastify/bearer-auth versions prior to 7.0.2 and 8.0.1, where crypto.timingSafeEqual is not used securely, enabling a potential timing-based length deduction attack on bearer tokens (RFC 6750 token has base64...

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

Fastify 安全漏洞

Fastify is an open source web framework for Node.js from the Openjs Foundation. A security vulnerability exists in the Fastify plugin @fastify/bearer-auth versions prior to 7.0.2 and prior to 8.0.1, which stems from the unsafe use of crypto.timingSafeEqual...

Denial Of Service (DoS)

fastify-multipart is vulnerable to denial of service. An attacker is able to exploit the vulnerability and crash the system by providing a maliciously crafted request to the remote server via the constructor property...

@adminjs/fastify (>=1.0.0 <=2.0.0), @autotelic/apollo-server-fastify (>=4.0.0 <=4.1.1) +46 more potentially affected by CVE-2021-23597 via fastify-multipart (>=0.2.0 <=5.3.0)

fastify-multipart NPM version =0.2.0, =1.0.0, =4.0.0, =0.0.1, =1.0.0, =1.0.2, =1.1.7, =1.1.7, =0.0.1, =0.0.1-rc2, =0.0.3, =0.0.5, =0.0.0, =0.0.1, =1.0.0, =1.0.1 and more Source cves: CVE-2021-23597 Source advisory: OSV:GHSA-QH73-QC3P-RJV2...

Uncaught Exception in fastify-multipart

Impact This is a bypass of CVE-2020-8136 https://vulners.com/cve/CVE-2020-8136. By providing a name=constructor property it is still possible to crash the application. The original fix only checks for the key proto https://github.com/fastify/fastify-multipart/pull/116. All users are recommended t...

GHSA-QH73-QC3P-RJV2 Uncaught Exception in fastify-multipart

Impact This is a bypass of CVE-2020-8136 https://vulners.com/cve/CVE-2020-8136. By providing a name=constructor property it is still possible to crash the application. The original fix only checks for the key proto https://github.com/fastify/fastify-multipart/pull/116. All users are recommended t...

CVE-2021-23597

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382...

CVE-2021-23597

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382...

CVE-2021-23597

CVE-2021-23597 affects the npm package fastify-multipart prior to 5.3.1. By supplying a name=constructor property, an attacker can crash the application, bypassing the prior CVE-2020-8136 fix. Several sources (OSV, GHSA advisories, CNNVD) confirm the vulnerability and identify upgrading to v5.3.1...

CVE-2021-23597 Denial of Service (DoS)

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382...

fastify-multipart 资源管理错误漏洞

fastify-multipart is a software package that supports parsing multiple content types. A resource management error vulnerability exists in fastify-multipart before 5.3.1, which stems from the possibility of crashing the application by providing the name=constructor attribute...