3 matches found
CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...
46c-sector (>=1.0.0 <=1.2.1), @agentframework/cli (>=0.9.6 <=0.11.1) +184 more potentially affected by CVE-2020-8192 via fastify (>=0.21.0 <=2.15.0)
fastify NPM version =0.21.0, =1.0.0, =0.9.6, =0.3.0, =2.0.0, =6.3.1, =1.0.0, =0.1.0, =0.0.1, =1.0.0-alpha.9, =1.0.0-alpha.1, =0.0.3, =1.1.3, =1.2.1 - @gyrfalcon/nuxt =1.0.0 and more Source cves: CVE-2020-8192 Source advisory: OSV:GHSA-XW5P-HW6R-2J98...
CVE-2020-8192
CVE-2020-8192 affects Fastify versions 2.14.1 and 3.0.0-rc.4. The vulnerability is a denial-of-service via resource exhaustion when the AJV-based validation uses the allErrors option and receives specially crafted schemas. The impact described in multiple connected records is that a malicious use...