The vulnerability of the `saveRequestFiles` function in the Fastify JavaScript software framework allows a hacker to trigger a service failure.

The vulnerability of the saveRequestFiles function in the Fastify JavaScript software framework is related to the use of incorrect authentication tokens due to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending special...

CVE-2025-24033 @fastify/multipart vulnerable to unlimited consumption of resources

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...

PT-2025-1271 · Fastify · Fastify-Multipart

Name of the Vulnerable Software and Affected Versions: @fastify/multipart versions prior to 8.3.1 and 9.0.3 Description: The issue is related to the saveRequestFiles function in the @fastify/multipart plugin for Fastify, which fails to delete uploaded temporary files when a user cancels a request...