VYPR

npm package

fastify-multipart

pkg:npm/fastify-multipart

Vulnerabilities (2)

  • CVE-2021-23597Feb 11, 2022
    affected < 5.3.1fixed 5.3.1

    This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).

  • CVE-2020-8136Mar 20, 2020
    affected < 1.0.5fixed 1.0.5

    Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.