Description
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
Remediation
References
https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066
https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1
https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480
Related Vulnerabilities
CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle
CVE-2021-30109 Vulnerability in npm package froala-editor
CVE-2022-22968 Vulnerability in maven package org.springframework:spring-context
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all
CVE-2023-29213 Vulnerability in maven package org.xwiki.platform:xwiki-platform-logging-script