Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS)
Vulnerability Description
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
fastify-multipart 资源管理错误漏洞
Vulnerability Description
fastify-multipart是一款支持解析多个内容类型的软件包。 fastify-multipart 5.3.1 之前存在资源管理错误漏洞,该漏洞源于通过提供 name=constructor 属性有可能使应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A