Vulnerability Details CVE-2021-23597
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066
- https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1
- https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480
- https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066
- https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1
- https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480
Products affected by CVE-2021-23597
-
cpe:2.3:a:fastify:fastify-multipart:0.1.0
-
cpe:2.3:a:fastify:fastify-multipart:0.2.0
-
cpe:2.3:a:fastify:fastify-multipart:0.3.0
-
cpe:2.3:a:fastify:fastify-multipart:0.4.0
-
cpe:2.3:a:fastify:fastify-multipart:0.4.1
-
cpe:2.3:a:fastify:fastify-multipart:0.5.0
-
cpe:2.3:a:fastify:fastify-multipart:0.5.1
-
cpe:2.3:a:fastify:fastify-multipart:0.6.0
-
cpe:2.3:a:fastify:fastify-multipart:0.7.0
-
cpe:2.3:a:fastify:fastify-multipart:0.8.0
-
cpe:2.3:a:fastify:fastify-multipart:0.8.1
-
cpe:2.3:a:fastify:fastify-multipart:0.8.2
-
cpe:2.3:a:fastify:fastify-multipart:1.0.0
-
cpe:2.3:a:fastify:fastify-multipart:1.0.1
-
cpe:2.3:a:fastify:fastify-multipart:1.0.2
-
cpe:2.3:a:fastify:fastify-multipart:1.0.3
-
cpe:2.3:a:fastify:fastify-multipart:1.0.4
-
cpe:2.3:a:fastify:fastify-multipart:1.0.5
-
cpe:2.3:a:fastify:fastify-multipart:1.0.6
-
cpe:2.3:a:fastify:fastify-multipart:2.0.0
-
cpe:2.3:a:fastify:fastify-multipart:2.0.1
-
cpe:2.3:a:fastify:fastify-multipart:2.0.2
-
cpe:2.3:a:fastify:fastify-multipart:2.0.3
-
cpe:2.3:a:fastify:fastify-multipart:3.0.0
-
cpe:2.3:a:fastify:fastify-multipart:3.1.0
-
cpe:2.3:a:fastify:fastify-multipart:3.2.0
-
cpe:2.3:a:fastify:fastify-multipart:3.2.1
-
cpe:2.3:a:fastify:fastify-multipart:3.3.0
-
cpe:2.3:a:fastify:fastify-multipart:3.3.1
-
cpe:2.3:a:fastify:fastify-multipart:4.0.0
-
cpe:2.3:a:fastify:fastify-multipart:4.0.1
-
cpe:2.3:a:fastify:fastify-multipart:4.0.2
-
cpe:2.3:a:fastify:fastify-multipart:4.0.3
-
cpe:2.3:a:fastify:fastify-multipart:4.0.4
-
cpe:2.3:a:fastify:fastify-multipart:4.0.5
-
cpe:2.3:a:fastify:fastify-multipart:4.0.6
-
cpe:2.3:a:fastify:fastify-multipart:4.0.7
-
cpe:2.3:a:fastify:fastify-multipart:5.0.0
-
cpe:2.3:a:fastify:fastify-multipart:5.0.1
-
cpe:2.3:a:fastify:fastify-multipart:5.0.2
-
cpe:2.3:a:fastify:fastify-multipart:5.1.0
-
cpe:2.3:a:fastify:fastify-multipart:5.2.0
-
cpe:2.3:a:fastify:fastify-multipart:5.2.1
-
cpe:2.3:a:fastify:fastify-multipart:5.3.0