fastify is vulnerable to cross-site request forgery. The vulnerability exists due to the incorrect Content-Type used in the ContentTypeParser function of contentTypeParser.js, allowing an attacker to bypass the pre-flight checking of fetch.fetch() requests whose Content-Type is application/x-www-form-urlencoded, multipart/form-data, or text/plain.
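A strict Content-Type check for a route that expects a single type, as an added example that is not fastify's code: it compares the parsed MIME essence exactly and flags the three types named above, which a browser sends cross-origin without a pre-flight request. The function names and sample headers are constructed for illustration.

```javascript
// Added example, not fastify's code. Essences from the advisory: a browser
// sends a cross-origin fetch() with one of these without a pre-flight OPTIONS.
const NO_PREFLIGHT = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// HTTP token characters, used for both halves of "type/subtype".
const TOKEN = "[!#$%&'*+.^_`|~0-9a-z-]+";
const ESSENCE_RE = new RegExp('^' + TOKEN + '/' + TOKEN + '$');

// Return the MIME essence (lowercased "type/subtype", parameters removed),
// or null when the header is missing or malformed.
function mimeEssence(header) {
  if (typeof header !== 'string') return null;
  const essence = header.split(';')[0].trim().toLowerCase();
  return ESSENCE_RE.test(essence) ? essence : null;
}

// Hypothetical guard for a route that expects exactly one content type.
// accept: the essence equals the expected type, nothing looser.
// browserPreflights: false means cross-origin pages can send this type
// directly, so CORS alone does not protect a route that accepts it.
function checkContentType(header, expected) {
  const essence = mimeEssence(header);
  return {
    essence,
    accept: essence !== null && essence === expected.toLowerCase(),
    browserPreflights: essence !== null && !NO_PREFLIGHT.has(essence),
  };
}

// Constructed sample headers, evaluated against a JSON-only route.
const SAMPLES = [
  'application/json; charset=utf-8',
  'Text/Plain',
  'multipart/form-data; boundary=x',
  undefined,
];

function evaluateSamples(expected = 'application/json') {
  return SAMPLES.map((header) => ({ header, ...checkContentType(header, expected) }));
}
```

A route that legitimately accepts one of the three no-pre-flight types gets `browserPreflights: false` even when `accept` is true, which is the signal that it needs a CSRF defence other than CORS.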