CVE-2018-3711

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.

Ссылки

https://github.com/fastify/fastify/pull/627
Exploit
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/303632
Exploit
Issue Tracking
Third Party Advisory
https://github.com/fastify/fastify/pull/627
Exploit
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/303632
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fastify:fastify:*:*:*:*:*:node.js:*:*

Версия до 0.38.0 (исключая)

EPSS

Процентиль: 73%

0.00776

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-mq6c-fh97-4gwv