12 matches found
CVE-2026-15631
Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...
CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
Denial Of Service (DoS)
@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the fastifyWebsocket function in index.js which crashes the application on an uncaught exception when processing a malformed packet...
CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
Design/Logic Flaw
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386
The CVE concerns @fastify/websocket/fastify-websocket: all versions are reported to crash when processing a specific malformed WebSocket packet, causing a Denial of Service. The issue stems from a crash on malformed input, and the module is deprecated with no built-in patches. Patched versions ar...
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)
fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...
GHSA-4PCG-WR6C-H9CQ fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds No...
PT-2022-24945 · Fastify · @Fastify/Websocket
Name of the Vulnerable Software and Affected Versions: fastify-websocket versions prior to 7.1.1 fastify v4 and prior to 5.0.1 fastify v3 @fastify/websocket all versions, deprecated Description: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. The issu...