CVE-2020-8192

EPSS 0.38%

Denial of service in fastify

發布日:2020/8/5修改日:2023/11/8

描述

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.

受影響套件(1)

npm/fastifyfrom 0, < 2.15.1

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-8192
WEBhttps://github.com/fastify/fastify/commit/74c3157ca90c3ffed9e4434f63c2017471ec970e
WEBhttps://hackerone.com/reports/903521