Vulnerabilities > Fastify > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2023-51701 HTTP Request Smuggling vulnerability in Fastify Reply-From
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server.
network
low complexity
fastify CWE-444
7.5
2023-07-04 CVE-2023-31999 Cross-Site Request Forgery (CSRF) vulnerability in Fastify Oauth2
All versions of @fastify/oauth2 used a state parameter that was statically generated at startup time and reused across all requests for all users.
network
low complexity
fastify CWE-352
8.8
2023-04-21 CVE-2023-29019 Session Fixation vulnerability in Fastify Passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem.
network
low complexity
fastify CWE-384
8.1
2023-02-14 CVE-2023-25576 Allocation of Resources Without Limits or Throttling vulnerability in Fastify Fastify-Multipart
@fastify/multipart is a Fastify plugin to parse the multipart content-type.
network
low complexity
fastify CWE-770
7.5
2022-11-22 CVE-2022-41919 Unspecified vulnerability in Fastify
Fastify is a web framework with minimal overhead and plugin architecture.
network
low complexity
fastify
8.8
2022-11-08 CVE-2022-39386 Unspecified vulnerability in Fastify Websocket
@fastify/websocket provides WebSocket support for Fastify.
network
low complexity
fastify
7.5
2022-10-10 CVE-2022-39288 Unspecified vulnerability in Fastify
Fastify is a fast, low-overhead web framework for Node.js.
network
low complexity
fastify
7.5
2022-07-14 CVE-2022-31142 Information Exposure Through Discrepancy vulnerability in Fastify Bearer-Auth
@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers.
network
low complexity
fastify CWE-203
7.5
2022-02-11 CVE-2021-23597 Unspecified vulnerability in Fastify Fastify-Multipart
This affects the package fastify-multipart before 5.3.1.
network
low complexity
fastify
7.5
2021-10-14 CVE-2021-22964 Open Redirect vulnerability in Fastify Fastify-Static 4.2.4/4.3.0/4.4.0
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DoS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue affects all `fastify-static` applications that set the `redirect: true` option.
network
low complexity
fastify CWE-601
8.8