Filtered by vendor Fastify
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8192 | 1 Fastify | 1 Fastify | 2024-11-21 | 6.5 Medium |
| A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. | ||||
| CVE-2020-8136 | 1 Fastify | 1 Fastify-multipart | 2024-11-21 | 7.5 High |
| Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | ||||
| CVE-2020-28482 | 1 Fastify | 1 Fastify-csrf | 2024-11-21 | 5.9 Medium |
| This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter | ||||
| CVE-2018-3711 | 1 Fastify | 1 Fastify | 2024-11-21 | 7.5 High |
| Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | ||||