Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service in Fastify via Content-Type header
Vulnerability Description
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
Fastify 代码问题漏洞
Vulnerability Description
Fastify是Openjs基金会的一款用于Node.js的开源Web框架。 Fastify 4.8.1之前版本存在代码问题漏洞,该漏洞源于恶意使用Content-Type标头而遭到拒绝服务,攻击者可以发送可能导致应用程序崩溃的无效Content-Type标头。
CVSS Information
N/A
Vulnerability Type
N/A