Количество 2
Количество 2
CVE-2026-25223
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.
GHSA-jx2c-rxcm-jvmq
Fastify's Content-Type header tab character allows body validation bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-25223 Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2. | CVSS3: 7.5 | 0% Низкий | 5 дней назад |
| GHSA-jx2c-rxcm-jvmq Fastify's Content-Type header tab character allows body validation bypass | CVSS3: 7.5 | 0% Низкий | 6 дней назад |
Уязвимостей на страницу