Vulnerability Information
Vulnerability Title
fastify-websocket vulnerable to uncaught exception via crash on malformed packet
Vulnerability Description
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncaught Exception
Vulnerability Title
Fastify Security Vulnerability
Vulnerability Description
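Fastify is an open-source web framework for Node.js from the OpenJS Foundation. Fastify fastify-websocket contains a security vulnerability that arises because an attacker can send it a specific malformed packet, which may cause it to crash.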
CVSS Information
N/A
Vulnerability Type
N/A