Vulnerabilities > CVE-2021-23597 - Unspecified vulnerability in Fastify Fastify-Multipart
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Vulnerable Configurations
References
- https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066
- https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066
- https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1
- https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1
- https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480
- https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480