CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39288 – Denial of service in Fastify via Content-Type header
https://notcve.org/view.php?id=CVE-2022-39288
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. • https://github.com/fastify/fastify/commit/fbb07e8dfad74c69cd4cd2211aedab87194618e3 https://github.com/fastify/fastify/security/advisories/GHSA-455w-c45v-86rg https://github.com/fastify/fastify/security/policy • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-8192
https://notcve.org/view.php?id=CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. Se presenta una vulnerabilidad denegación de servicio en Fastify versiones v2.14.1 y v3.0.0-rc.4, que permite a un usuario malicioso desencadenar el agotamiento de recursos (cuando es usada la opción allErrors) con esquemas especialmente diseñados • https://github.com/ossf-cve-benchmark/CVE-2020-8192 https://hackerone.com/reports/903521 • CWE-400: Uncontrolled Resource Consumption •