RSS   Podatności dla 'Fastify-multipart'   RSS

2022-02-11
 
CVE-2021-23597

CWE-400
 
 
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).

 
2020-03-20
 
CVE-2020-8136

CWE-400
 
 
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.

 

 >>> Vendor: Fastify 4 Produkty
Fastify
Fastify-multipart
Fastify-csrf
Fastify-static

Copyright 2024, cxsecurity.com

 

Back to Top