Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fastify's Content-Type header tab character allows body validation bypass
Vulnerability Description
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
解释冲突
Vulnerability Title
Fastify 安全漏洞
Vulnerability Description
Fastify是Fastify开源的一个 Web 框架。 Fastify 5.7.2之前版本存在安全漏洞,该漏洞源于请求正文验证模式可被完全绕过,可能导致攻击者绕过正文验证。
CVSS Information
N/A
Vulnerability Type
N/A