A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
References
Link | Resource |
---|---|
https://hackerone.com/reports/903521 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-07-30 06:15
Updated : 2020-08-06 11:46
NVD link : CVE-2020-8192
Mitre link : CVE-2020-8192
JSON object : View
CWE
CWE-400
Uncontrolled Resource Consumption
Products Affected
fastify
- fastify