1 results (0.006 seconds)
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0
CVE-2022-39386 – fastify-websocket vulnerable to uncaught exception via crash on malformed packet
https://notcve.org/view.php?id=CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). • https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq • CWE-248: Uncaught Exception •