641 matches found
@wmfs/tymly-fastify-plugin (>=1.57.0 <=1.59.0), homebridge-config-ui-x (>=4.41.4 <=4.43.0-test.2) potentially affected by CVE-2020-8136 +1 more via fastify-multipart (>=5.2.1 <=5.3.0)
fastify-multipart NPM version =5.2.1, =1.57.0, =4.41.4, =4.43.0-test.2 Source cves: CVE-2020-8136, CVE-2021-23597 Source advisory: SNYK:JS-FASTIFYMULTIPART-2395480...
Denial of Service (DoS)
Overview fastify-multipart is a Multipart plugin for Fastify Affected versions of this package are vulnerable to Denial of Service DoS. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136...
Mercurius code issue vulnerability
Mercurius is a GraphQL adapter Fastify . Mercurius 8.10.0 to 8.11.1 has a code issue vulnerability that could be exploited by an attacker to cause a denial of service attack...
CVE-2021-43801
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
CVE-2021-43801
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
Code injection
Mercurius is a GraphQL adapter for Fastify. Any users from email protected to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
CVE-2021-43801
Mercurius (GraphQL adapter for Fastify) versions 8.10.0–8.11.1 are vulnerable to a denial-of-service caused by sending a malformed JSON to /graphql. The issue is fixed in v8.11.2 (pull 678); a workaround is to use a custom error handler. No exploitation details are provided in the available docum...
CVE-2021-43801 Uncaught Exception in mercurius
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
Mercurius 代码问题漏洞
Mercurius is a GraphQL adapter Fastify . Mercurius 8.10.0 to 8.11.1 has a code issue vulnerability that could be exploited by an attacker to cause a denial of service attack...
The vulnerability of the redirect parameter in the fastify-static plugin allows a hacker to redirect users of Mozilla Firefox to arbitrary websites.
The vulnerability of the redirect parameter in the fastify-static plugin relates to the ability to redirect users to untrusted URLs. Exploiting this vulnerability allows a malicious actor to redirect users of Mozilla Firefox to arbitrary websites...
CVE-2021-22964
A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...
CVE-2021-22963
A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: tru...
CVE-2021-22964
A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...
CVE-2021-22963
A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: tru...
CVE-2021-22963
A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: tru...
CVE-2021-22964
A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...
Design/Logic Flaw
A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: tru...
Design/Logic Flaw
A redirect vulnerability in the fastify-static module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the...
CVE-2021-22963
CVE-2021-22963 describes a redirect vulnerability in the fastify-static module (versions before 4.2.4). When applications enable redirect: true, an attacker can trick users into visiting arbitrary sites by using a double slash followed by a domain (e.g., //domain). The issue affects fastify-stati...
CVE-2021-22963
A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: tru...