Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

9.1CVSS5.4AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 10:28 p.m.10 views

EUVD-2026-23235

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 10:28 p.m.8 views

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

9.1CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/16 10:28 p.m.3 views

GHSA-V9WW-2J6R-98Q6 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2026/04/16 3:17 p.m.8 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

9.1CVSS0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 1:56 p.m.4 views

CVE-2026-33804 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 1:56 p.m.33 views

CVE-2026-33804 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

7.4CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 1:56 p.m.20 views

CVE-2026-33804

CVE-2026-33804 affects @fastify/middie v9.3.1 and earlier, where middleware bypass can occur when the deprecated top-level ignoreDuplicateSlashes option is enabled. The middleware’s path-matching does not account for duplicate-slash normalization performed by Fastify’s router, allowing requests w...

9.1CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

@fastify/middie 安全漏洞

@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie 9.3.1 and earlier contained security vulnerabilities. These vulnerabilities occurred when the deprecated ignoreDuplicateSlashes option was enabled, as the middleware’s path matching logic did not...

9.1CVSS5.8AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.10 views

PT-2026-33323

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description A middleware bypass exists when the deprecated ignoreDuplicateSlashes option is enabled. The middleware path matching logic fails to account for duplicate slash normalization performed by the...

7.4CVSS5.7AI score0.00278EPSS
Exploits0References9
EUVD
EUVD
added 2026/02/28 2:47 a.m.8 views

EUVD-2026-9049

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References6
NVD
NVD
added 2026/02/27 7:16 p.m.8 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/27 6:25 p.m.2 views

CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 6:25 p.m.5 views

CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References3
Rows per page
Query Builder