Lucene search
+L

23 matches found

euvd
euvd
added 2026/07/01 11:42 a.m.8 views

EUVD-2026-40947

@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths contain malformed percent-encoded sequences. Inputs such as an incomplete percent escape or a truncated multibyte sequence cause the underlying decoder t...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-54638

Name of the Vulnerable Software and Affected Versions @fastify/middie versions 9.1.0 through 9.3.2 Description An issue exists in the standalone engine's URL normalization and decoding process where malformed percent-encoded sequences in incoming request paths are not properly guarded...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References9
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-0698

Malware in sbrugna...

10CVSS8.9AI score0.01821EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-0723

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01463EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1716

Malicious code in bioql PyPI...

7.4CVSS7.4AI score0.00445EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-0118

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00552EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6214

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01389EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0427

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00479EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 9:35 a.m.13 views

CVE-2024-22207

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.1AI score0.02001EPSS
Exploits0References1
githubexploit
githubexploit
added 2025/05/03 9:2 p.m.864 views

Exploit for CVE-2025-47240

Remote Code Execution via @fastify/view raw rendering Ve...

7.8AI score
Exploits1
ptsecurity
ptsecurity
added 2025/05/03 12:0 a.m.5 views

PT-2025-18960 · Unknown · Fastify/View

Name of the Vulnerable Software and Affected Versions: @fastify/view affected versions not specified Description: The issue concerns a potential Remote Code Execution RCE vulnerability in the @fastify/view plugin for Fastify, which allows the use of template engines for generating HTML pages on t...

7.8AI score
Exploits1References9
nvd
nvd
added 2025/01/23 6:15 p.m.19 views

CVE-2025-24033

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...

7.5CVSS0.00552EPSS
Exploits0References3
cvelist
cvelist
added 2025/01/23 5:40 p.m.25 views

CVE-2025-24033 @fastify/multipart vulnerable to unlimited consumption of resources

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...

7.5CVSS0.00552EPSS
Exploits0References3
cve
cve
added 2025/01/23 5:40 p.m.58 views

CVE-2025-24033

CVE-2025-24033 affects the @fastify/multipart plugin. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete uploaded temporary files when a user cancels a request, risking excessive disk usage. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use ...

7.5CVSS7.3AI score0.00552EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/01/15 3:40 p.m.3 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5AI score0.02001EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/04/20 5:5 p.m.5 views

CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/04/20 12:0 a.m.4 views

Fastify Fastify-csrf 跨站请求伪造漏洞

Fastify Fastify-csrf is a Fastify community based on Javascript can provide CSRF protection for Fastify plugin . A cross-site request forgery vulnerability exists in Fastify Fastify-csrf. An attacker can exploit this vulnerability to bypass the cross-site request forgery protection mechanism...

6.5CVSS6.2AI score0.00331EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2022/07/14 6:55 p.m.6 views

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

7.5CVSS6.7AI score0.01389EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2022/02/07 5:44 p.m.4 views

@wmfs/tymly-fastify-plugin (>=1.57.0 <=1.59.0), homebridge-config-ui-x (>=4.41.4 <=4.43.0-test.2) potentially affected by CVE-2020-8136 +1 more via fastify-multipart (>=5.2.1 <=5.3.0)

fastify-multipart NPM version =5.2.1, =1.57.0, =4.41.4, =4.43.0-test.2 Source cves: CVE-2020-8136, CVE-2021-23597 Source advisory: SNYK:JS-FASTIFYMULTIPART-2395480...

7.5CVSS7.1AI score0.0203EPSS
Exploits2
vulnersosv
vulnersosv
added 2021/10/12 4:4 p.m.5 views

@wmfs/tymly-fastify-plugin (>=1.50.0 <=1.51.0), egg-bag (>=1.44.43 <=1.45.11) potentially affected by CVE-2021-22964 via fastify-static (>=4.2.4 <=4.4.0)

fastify-static NPM version =4.2.4, =1.50.0, =1.44.43, =1.45.11 Source cves: CVE-2021-22964 Source advisory: OSV:GHSA-PGH6-M65R-2RHQ...

8.8CVSS7.2AI score0.00988EPSS
Exploits1
Rows per page
Query Builder