CVE-2025-24033 @fastify/multipart vulnerable to unlimited consumption of resources

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use...

PT-2025-1271 · Fastify · Fastify-Multipart

Name of the Vulnerable Software and Affected Versions: @fastify/multipart versions prior to 8.3.1 and 9.0.3 Description: The issue is related to the saveRequestFiles function in the @fastify/multipart plugin for Fastify, which fails to delete uploaded temporary files when a user cancels a request...