34 matches found
EUVD-2021-1148
Malware in sbrugna...
EUVD-2022-1154
Malicious code in bioql PyPI...
CVE-2023-25576
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...
CVE-2020-8136
Prototype pollution vulnerability in fastify-multipart 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request...
CVE-2025-24033
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...
GHSA-27C6-MCXV-X3FH Unlimited consumption of resources in @fastify/multipart
Impact: The saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. Patches: Fixed in version 8.3.1 and 9.0.3. Workarounds: Do not use saveRequestFiles. References: This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in...
Unlimited consumption of resources in @fastify/multipart
Impact: The saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. Patches: Fixed in version 8.3.1 and 9.0.3. Workarounds: Do not use saveRequestFiles. References: This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in...
CVE-2025-24033 @fastify/multipart vulnerable to unlimited consumption of resources
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...
fastify-multipart security vulnerability
fastify-multipart is a software package that supports parsing multiple content types. A security vulnerability exists in fastify-multipart versions 8.3.0 and earlier and versions 9.0.0 through 9.0.3 and earlier, which stems from the saveRequestFiles function not deleting temporary files that have...
CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...
fastify-multipart security vulnerability
fastify-multipart is a package that supports parsing multiple content types. A security vulnerability exists in fastify-multipart versions prior to 6.0.1, prior to 7.0.0, and prior to 7.4.1, which originates from a multipart subject parser that accepts an unlimited number of file parts, a multipa...
Denial Of Service (DoS)
fastify-multipart is vulnerable to denial of service. An attacker is able to exploit the vulnerability and crash the system by providing a maliciously crafted request to the remote server via the constructor property...
GHSA-QH73-QC3P-RJV2 Uncaught Exception in fastify-multipart
Impact: This is a bypass of CVE-2020-8136 (https://vulners.com/cve/CVE-2020-8136). By providing a name=constructor property it is still possible to crash the application. The original fix only checks for the key __proto__ (https://github.com/fastify/fastify-multipart/pull/116). All users are recommended t...
@adminjs/fastify (>=1.0.0 <=2.0.0), @autotelic/apollo-server-fastify (>=4.0.0 <=4.1.1) +46 more potentially affected by CVE-2021-23597 via fastify-multipart (>=0.2.0 <=5.3.0)
fastify-multipart NPM version =0.2.0, =1.0.0, =4.0.0, =0.0.1, =1.0.0, =1.0.2, =1.1.7, =1.1.7, =0.0.1, =0.0.1-rc2, =0.0.3, =0.0.5, =0.0.0, =0.0.1, =1.0.0, =1.0.1 and more Source cves: CVE-2021-23597 Source advisory: OSV:GHSA-QH73-QC3P-RJV2...
Uncaught Exception in fastify-multipart
Impact: This is a bypass of CVE-2020-8136 (https://vulners.com/cve/CVE-2020-8136). By providing a name=constructor property it is still possible to crash the application. The original fix only checks for the key __proto__ (https://github.com/fastify/fastify-multipart/pull/116). All users are recommended t...
CVE-2021-23597
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382...
CVE-2021-23597 Denial of Service (DoS)
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382...
CVE-2021-23597
CVE-2021-23597 affects the npm package fastify-multipart prior to 5.3.1. By supplying a name=constructor property, an attacker can crash the application, bypassing the prior CVE-2020-8136 fix. Several sources (OSV, GHSA advisories, CNNVD) confirm the vulnerability and identify upgrading to v5.3.1...