Описание
Unlimited consumption of resources in @fastify/multipart
Impact
The saveRequestFiles function does not delete the uploaded temporary files when user cancels the request.
Patches
Fixed in version 8.3.1 and 9.0.3
Workarounds
Do not use saveRequestFiles.
References
This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in https://github.com/fastify/fastify-multipart/pull/567.
Пакеты
@fastify/multipart
<= 8.3.0
8.3.1
@fastify/multipart
>= 9.0.0, < 9.0.3
9.0.3
Связанные уязвимости
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `saveRequestFiles`.
Уязвимость функции saveRequestFiles фреймворка Fastify программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании