Fastify Fastify-multipart — known CVE vulnerabilities
Every CVE whose affected-product data names Fastify Fastify-multipart, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-8136 — CVSS 7.5 (high): Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests…
CVE-2021-23597 — CVSS 7.5 (high): This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the…
CVE-2023-25576 — CVSS 7.5 (high): @fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may…