漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
@fastify/middie has an improper path normalization vulnerability
Vulnerability Description
A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled (such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related trailing-slash behavior), crafted request paths may bypass middleware checks while still being routed to protected handlers.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
@fastify/middie 安全漏洞
Vulnerability Description
@fastify/middie是Fastify开源的一个中间件引擎。 @fastify/middie 9.2.0之前版本存在安全漏洞,该漏洞源于路径范围中间件在使用路由器规范化选项时可能被绕过,可能导致身份验证或授权绕过。
CVSS Information
N/A
Vulnerability Type
N/A