Fastify-multipart Security Vulnerabilities and Issues — Fastify-multipart CVE List

Lucene search

FastifyFastify-multipart

4 matches found

CVE•added 2020/03/20 7:15 p.m.•116 views

CVE-2020-8136

Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.

7.5CVSS7.1AI score0.00751EPSS

CVE•added 2022/02/11 5:15 p.m.•65 views

CVE-2021-23597

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).

7.5CVSS7.4AI score0.00751EPSS

CVE•added 2025/01/23 6:15 p.m.•44 views

CVE-2025-24033

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the saveRequestFiles function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use sav...

7.5CVSS7.3AI score0.00145EPSS

CVE•added 2023/02/14 4:15 p.m.•41 views

CVE-2023-25576

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an u...

7.5CVSS7.2AI score0.00298EPSS