4 matches found
CVE-2022-41919
A Cross-site request forgery CSRF vulnerability was found in fastify due to improper handling of incorrect Content-Types. This flaw allows an attacker to use an incorrect 'Content-Type' to bypass checks to allow fetch requests that could be used to invoke routes that only accept application/json...
CVE-2022-41919
CVE-2022-41919 : Fastify (web framework) is vulnerable to a CSRF risk due to bypass of Pre-Flight checks when requests use a non-JSON Content-Type (e.g., application/x-www-form-urlencoded, multipart/form-data, text/plain). This can bypass CORS protections and enable unauthorized cross-site action...
CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...
CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...