CVE-2021-23597

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Configurations

Configuration 1 (hide)

cpe:2.3:a:fastify:fastify-multipart:*:*:*:*:*:fastify:*:*

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-400 CWE-1321

18 Feb 2022, 02:03

Type Values Removed Values Added
CPE cpe:2.3:a:fastify:fastify-multipart:*:*:*:*:*:fastify:*:*
CWE CWE-400
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
References (CONFIRM) https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1 - (CONFIRM) https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1 - Release Notes, Third Party Advisory
References (CONFIRM) https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066 - (CONFIRM) https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066 - Patch, Third Party Advisory
References (CONFIRM) https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480 - (CONFIRM) https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480 - Exploit, Patch, Third Party Advisory

11 Feb 2022, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-11 17:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-23597

Mitre link : CVE-2021-23597

CVE.ORG link : CVE-2021-23597


JSON object : View

Products Affected

fastify

  • fastify-multipart
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')