Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Vulnerability Description
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in version 5.7.3.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Fastify 安全漏洞
Vulnerability Description
Fastify是Fastify开源的一个 Web 框架。 Fastify 5.7.3之前版本存在安全漏洞,该漏洞源于Web Streams响应处理存在拒绝服务漏洞,可能导致远程客户端耗尽服务器内存。
CVSS Information
N/A
Vulnerability Type
N/A