CNNVD-202602-209 Information
CNNVD ID
CNNVD-202602-209
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Fastify是Fastify开源的一个 Web 框架。 Fastify 5.7.2之前版本存在安全漏洞,该漏洞源于请求正文验证模式可被完全绕过,可能导致攻击者绕过正文验证。
Description (English)
Fastify is an open-source Web framework for Fastify. There was a security loophole in the pre-Fastify 5.7.2 version, which stemmed from the fact that the request body text validation model could be completely bypassed and could lead to the attackers circumventing the text.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
fastify
Published
2026-02-03
Last Modified
2026-02-24
References
https://fastify.dev/docs/latest/Reference/Validation-and-Serialization https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125 https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272 https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821 https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq https://hackerone.com/reports/3464114