CVE-2025-24033
- EPSS 0.23%
- Veröffentlicht 23.01.2025 18:15:33
- Zuletzt bearbeitet 23.01.2025 18:15:33
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versio...
CVE-2023-25576
- EPSS 0.71%
- Veröffentlicht 14.02.2023 16:15:11
- Zuletzt bearbeitet 21.11.2024 07:49:45
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This ...
CVE-2021-23597
- EPSS 0.41%
- Veröffentlicht 11.02.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:51:50
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-12903...
CVE-2020-8136
- EPSS 0.75%
- Veröffentlicht 20.03.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:21
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.