GHSA-mq6c-fh97-4gwv

Опубликовано: 18 июл. 2018

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Denial of Service vulnerability with large JSON payloads in fastify

Affected versions of fastify are vulnerable to a denial of service when processing a request with Content-Type set to application/json and a very large payload.

Recommendation

Update to version 0.38.0 or later.

Ссылки

Пакеты

Наименование

fastify

npm

Затронутые версииВерсия исправления

<= 0.37.0

0.38.0

EPSS

Процентиль: 73%

0.00776

Низкий

7.5 High

CVSS3

CVE ID

CVE-2018-3711

Дефекты

CWE-400

CWE-770

Связанные уязвимости

CVE-2018-3711

CVSS3: 7.5

nvd

больше 7 лет назад

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.

EPSS

Процентиль: 73%

0.00776

Низкий

7.5 High

CVSS3

CVE ID

CVE-2018-3711

Дефекты

CWE-400

CWE-770