639 matches found
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request...
Cross site request forgery (csrf)
Prototype pollution vulnerability in fastify-multipart 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request...
CVE-2020-8136
CVE-2020-8136 affects fastify-multipart via a prototype-pollution path in versions below 1.0.5, enabling an attacker to crash Fastify applications during multipart request parsing with a crafted input. Connected advisories (GHSA-QH73-QC3P-RJV2 and RH/CVE entries) confirm a bypass vector involving...
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request...
Prototype Pollution
fastify-multipart is vulnerable to prototype pollution. It accepts parsing of multipart requests with a __proto__ key as a field, allowing an attacker to provide such malicious requests to lead to an application crash in a remote server...
Node.js third-party modules: Prototype pollution in multipart parsing
I would like to report a prototype pollution attack in fastify-multipart. It allows crashing a remote server parsing multipart requests by sending a specially crafted request. Module module name: fastify-multipart version: all versions before Detailed steps to reproduce with all required...
Code Injection
fastify is vulnerable to code injection. The vulnerability exists because the library serializes the data in the response using fast-json-stringify, which is susceptible to Server Side Code Injection, and it does not validate the property names in the schema definition, allowing an attacker to inject...
Node.js third-party modules: Server Side JavaScript Code Injection
I would like to report a Service Side JavaScript Code Injection in fastify. It allows an attacker that can control a single property name in the serialization schema to achieve Remote Command Execution in the context of the web server. Module module name: fastify version: 2.2.0 npm page:...
GHSA-MQ6C-FH97-4GWV Denial of Service vulnerability with large JSON payloads in fastify
Affected versions of fastify are vulnerable to a denial of service when processing a request with Content-Type set to application/json and a very large payload. Recommendation Update to version 0.38.0 or later...
Denial of Service vulnerability with large JSON payloads in fastify
Affected versions of fastify are vulnerable to a denial of service when processing a request with Content-Type set to application/json and a very large payload. Recommendation Update to version 0.38.0 or later...
Fastify Denial of Service Vulnerability
Fastify is a web framework used in Node.js. A security vulnerability exists in Fastify versions prior to 0.38.0. An attacker can cause a denial of service by sending a request and payload with 'Content-Type: application/json'...
CVE-2018-3711
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
CVE-2018-3711
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
Design/Logic Flaw
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
CVE-2018-3711
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
CVE-2018-3711
CVE-2018-3711 affects the Fastify node module prior to 0.38.0. A vulnerability allows a denial-of-service by sending a request with Content-Type: application/json and a very large payload, potentially making the service unresponsive. The issue is triggered by processing large JSON payloads; no ex...
Denial-of-Service (DoS)
The Fastify library is vulnerable to denial-of-service (DoS) attacks when attackers send a request with Content-Type: application/json and a payload that surpasses the internal string length limit of 2^30-25 bytes. Upon receipt, the process will crash due to an uncaughtException rendering it...
Fastify denial-of-service vulnerability with large JSON payloads
Overview Affected versions of fastify are vulnerable to a denial of service when processing a request with Content-Type set to application/json and a very large payload. Recommendation Update to version 0.38.0 or later. References - Commit fabd2a0 - HackerOne Report 303632 - GitHub Advisory...
Node.js third-party modules: Fastify denial-of-service vulnerability with large JSON payloads
Module: Fastify - https://www.npmjs.com/package/fastify Affected versions: =0.37.0 all version before 0.38.0 Summary: A denial-of-service attack can be performed against servers running Fastify by sending a request with "Content-Type: application/json" and a very large payload. Description: Fasti...