Fastify Multipart
Approved changes feed: RSS · Atom
cpe:2.3:a:fastify:fastify-multipart:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Fastify (51747187-798b-5030-972d-b19db43759b4) |
|---|---|
| Product | Fastify Multipart (7228c2ac-733f-5836-95ee-1ff75ca94623) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/fastify/fastify-multipart |
purl2cpe | 2026-06-01 10:16:32.779120 |
pkg:npm/fastify-multipart |
purl2cpe | 2026-06-01 10:16:32.779123 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-24033 |
vulnerable | 2026-06-03 14:59:54.549064 |
@fastify/multipart vulnerable to unlimited consumption of resources
HIGH (7.5)
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `saveRequestFiles`.
Published: 2025-01-23T17:40:56.228Z
Updated: 2025-02-12T20:41:29.689Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25576 |
vulnerable | 2026-06-03 14:49:32.960794 |
@fastify/multipart vulnerable to DoS due to unlimited number of parts
HIGH (7.5)
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an unlimited number of file parts, the multipart body parser accepting an unlimited number of field parts, and the multipart body parser accepting an unlimited number of empty parts as field parts. This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). There are no known workarounds.
Published: 2023-02-14T15:04:11.119Z
Updated: 2025-03-10T21:12:19.777Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.