npm package
fastify-multipart
pkg:npm/fastify-multipart
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23597 | — | < 5.3.1 | 5.3.1 | Feb 11, 2022 | This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382). | ||
| CVE-2020-8136 | — | < 1.0.5 | 1.0.5 | Mar 20, 2020 | Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. |
- CVE-2021-23597Feb 11, 2022affected < 5.3.1fixed 5.3.1
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
- CVE-2020-8136Mar 20, 2020affected < 1.0.5fixed 1.0.5
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.