Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2023/01/09 8:5 p.m.37 views

CVE-2022-41919

A Cross-site request forgery CSRF vulnerability was found in fastify due to improper handling of incorrect Content-Types. This flaw allows an attacker to use an incorrect 'Content-Type' to bypass checks to allow fetch requests that could be used to invoke routes that only accept application/json...

8.8CVSS6.2AI score0.00369EPSS
Exploits0References6
CVE
CVE
added 2022/11/22 12:0 a.m.88 views

CVE-2022-41919

CVE-2022-41919 : Fastify (web framework) is vulnerable to a CSRF risk due to bypass of Pre-Flight checks when requests use a non-JSON Content-Type (e.g., application/x-www-form-urlencoded, multipart/form-data, text/plain). This can bypass CORS protections and enable unauthorized cross-site action...

8.8CVSS6.2AI score0.00369EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/11/22 12:0 a.m.46 views

CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

4.2CVSS8.9AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2022/11/22 12:0 a.m.37 views

CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

4.2CVSS8.4AI score0.00369EPSS
Exploits0References5
Rows per page
Query Builder