CVE-2020-8192
Denial of service in fastify
EPSS 0.38%
Description
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
How to fix CVE-2020-8192
To remediate CVE-2020-8192, upgrade the affected package to a fixed version listed below.
- npm/fastify: upgrade to 2.15.1 or later
Is CVE-2020-8192 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/fastify: from 0, < 2.15.1