Other Attempts to Take Over Open Source Projects
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated...
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...
Number Withdrawn
Fastify is an open source web framework for Node.js from the OpenJS Foundation. This CVE number has been withdrawn...
Fastify Cross-Site Request Forgery Vulnerability
Fastify is an OpenJS Foundation open source web framework for Node.js. A cross-site request forgery vulnerability exists in Fastify versions 3.0.0 through 3.29.4 and 4.0.0 through 4.10.2, which can be exploited by an attacker to launch a cross-site request forge...
Fastify Denial of Service Vulnerability
Fastify is an open source web framework for Node.js from the OpenJS Foundation. A denial-of-service vulnerability exists in versions of Fastify prior to 4.8.1, which stems from the fact that Content-Type headers can be used maliciously and can be exploited by attackers to send invalid Content-Type...