CVE-2023-25576
Denial of service due to unlimited number of parts
Description
Impact
- The multipart body parser accepts an unlimited number of file parts.
- The multipart body parser accepts an unlimited number of field parts.
- The multipart body parser accepts an unlimited number of empty parts as field parts.
Patches
This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x).
Workarounds
There are no known workarounds.
References
Reported at https://hackerone.com/reports/1816195.
Patch Available
Fix available through Seal Security.
Ecosystem
JavaScript
Publish Date
February 14, 2023
Modified Date
November 7, 2023

