Lucene search
Veracode Vulnerability DatabaseVERACODE:39280HistoryFeb 15, 2023 - 7:37 a.m.
Denial Of Service (DoS)
2023-02-1507:37:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
fastifymultipart
index.js
application crash
software
0.001 Low
EPSS
Percentile
50.1%
fastify/multipart is vulnerable to Denial Of Service (DoS). The vulnerability exists in the fastifyMultipart function in index.js due to accepting unlimited number of file parts which can cause an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @fastify/multipart | eq | 6.0.0 | |
| @fastify/multipart | le | 7.4.0 | |
| @fastify/multipart | eq | 6.0.0 | |
| @fastify/multipart | le | 7.4.0 |
References
github.com/fastify/fastify-multipart/commit/85be81bedf5b29cfd9fe3efc30fb5a17173c1297
github.com/fastify/fastify-multipart/commit/ab949de4f60bb809f3ef1c301cea812cad90eef7
github.com/fastify/fastify-multipart/releases/tag/v6.0.1
github.com/fastify/fastify-multipart/releases/tag/v7.4.1
github.com/fastify/fastify-multipart/security/advisories/GHSA-hpp2-2cr5-pf6g
hackerone.com/reports/1816195
Related
osv
osv
Denial of service due to unlimited number of parts
2023-02-14 21:49:55
CVE-2023-25576
2023-02-14 16:15:11
nvd
nvd
CVE-2023-25576
2023-02-14 16:15:11
cve
cve
CVE-2023-25576
2023-02-14 16:15:11
prion
prion
Code injection
2023-02-14 16:15:00
cvelist
cvelist
github
github
Denial of service due to unlimited number of parts
2023-02-14 21:49:55