Количество 2
Количество 2
CVE-2026-25224
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in version 5.7.3.
GHSA-mrq3-vjjr-p77c
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-25224 Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in version 5.7.3. | CVSS3: 3.7 | 0% Низкий | 5 дней назад |
| GHSA-mrq3-vjjr-p77c Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream | CVSS3: 3.7 | 0% Низкий | 6 дней назад |
Уязвимостей на страницу