Vulnerability Information
Vulnerability Title
@fastify/multipart vulnerable to DoS due to unlimited number of parts
Vulnerability Description
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an unlimited number of file parts, the multipart body parser accepting an unlimited number of field parts, and the multipart body parser accepting an unlimited number of empty parts as field parts. This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
fastify-multipart security vulnerability
Vulnerability Description
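fastify-multipart is a software package that supports parsing multipart content types. fastify-multipart versions before 6.0.1, before 7.0.0, and before 7.4.1 contain a security vulnerability. The vulnerability stems from the multipart body parser accepting an unlimited number of file parts, the multipart body parser accepting an unlimited number of field parts, and the multipart body parser accepting an unlimited number of empty parts as field parts, which leads to denial of service.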
CVSS Information
N/A
Vulnerability Type
N/A
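The three unbounded cases named in the description (file parts, field parts, and empty parts counted as fields) can be seen with a small part counter that enforces caps. This is an added example, not code from @fastify/multipart; the helper names `buildBody` and `countParts`, the cap values, and the sample bodies are constructed for illustration.

```javascript
// Added example: hypothetical helpers and constructed input, not @fastify/multipart code.
// Assumed caps for illustration; they are not the plugin's defaults.
const LIMITS = { parts: 1000, files: 10, fields: 100 };

// Build a constructed multipart body from raw part strings (headers + blank line + value).
function buildBody(boundary, parts) {
  return parts.map((p) => `--${boundary}\r\n${p}`).join('') + `--${boundary}--\r\n`;
}

// Walk the delimiters and stop as soon as any counter passes its cap.
// Simplification: assumes the boundary string never occurs inside part content.
function countParts(body, boundary, limits = LIMITS) {
  const delim = `--${boundary}`;
  const counts = { parts: 0, files: 0, fields: 0 };
  let pos = body.indexOf(delim);
  while (pos !== -1) {
    const start = pos + delim.length;
    if (body.startsWith('--', start)) break; // closing delimiter
    const next = body.indexOf(delim, start);
    if (next === -1) break; // truncated body: last fragment is not a complete part
    const part = body.slice(start, next);
    const headerEnd = part.indexOf('\r\n\r\n');
    const headers = headerEnd === -1 ? '' : part.slice(0, headerEnd);
    counts.parts += 1;
    // A part with no headers at all (an empty part) still counts, as a field.
    if (/filename=/i.test(headers)) counts.files += 1;
    else counts.fields += 1;
    for (const key of ['parts', 'files', 'fields']) {
      if (counts[key] > limits[key]) return { ok: false, exceeded: key, counts };
    }
    pos = next;
  }
  return { ok: true, exceeded: null, counts };
}

// Constructed sample parts.
const field = 'Content-Disposition: form-data; name="a"\r\n\r\nvalue\r\n';
const file = 'Content-Disposition: form-data; name="f"; filename="a.txt"\r\n' +
  'Content-Type: text/plain\r\n\r\nhello\r\n';
const empty = '\r\n';

console.log(countParts(buildBody('XBOUND', [field, file]), 'XBOUND'));
console.log(countParts(buildBody('XBOUND', Array(5).fill(empty)), 'XBOUND',
  { parts: 3, files: 1, fields: 10 }));
```

Without the total `parts` cap, the five empty parts in the second call would only be stopped by the `fields` cap, and with no caps at all the loop runs for as many parts as the sender supplies.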