npm

Severity: high

Fastify denial-of-service vulnerability with large JSON payloads

fastify

Overview

Affected versions of fastify are vulnerable to a denial of service when processing a request with Content-Type set to application/json and a very large payload.

Remediation

Update to version 0.38.0 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jan 25th, 2018
  2. reported

    Initial report by nwoltman
    Jan 25th, 2018