Lucene search
Veracode Vulnerability DatabaseVERACODE:38215HistoryNov 24, 2022 - 2:18 a.m.
Cross-Site Request Forgery (CSRF)
2022-11-2402:18:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
csrf
fastify
contenttypeparser
vulnerability
pre-flight checking
fetch.fetch
application/x-www-form-urlencoded
multipart/form-data
text/plain
0.001 Low
EPSS
Percentile
44.8%
fastify is vulnerable to cross-site request forgery. The vulnerability exists due to the incorrect Content-Type used in the ContentTypeParser function of contentTypeParser.js, allowing an attacker to bypass the Pre-Flight checking of fetch.fetch() requests with Content-Type’s as application/x-www-form-urlencoded,multipart/form-data, or text/plain.
Related
cve
cve
CVE-2022-41919
2022-11-22 20:15:11
cnvd
cnvd
Fastify cross-site request forgery vulnerability
2022-11-24 00:00:00
redhatcve
redhatcve
CVE-2022-41919
2023-01-09 20:05:41
osv
osv
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
2022-11-21 22:28:11
CVE-2022-41919
2022-11-22 20:15:11
prion
prion
Cross site request forgery (csrf)
2022-11-22 20:15:00
github
github
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
2022-11-21 22:28:11
cvelist
cvelist
nvd
nvd
CVE-2022-41919
2022-11-22 20:15:11