HTTP: Fastify ContentTypeParser Denial of Service
This signature detects attempts to exploit a known vulnerability against Fastify. A successful attack can result in a denial-of-service condition.
Extended Description
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers.
Affected Products
Fastify fastify
References
CVE: CVE-2022-39288
Short Name
HTTP:DOS:FASTIFY-CONT-TYPE-PRSR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-39288 ContentTypeParser Denial Fastify Service of
Release Date
10/19/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3538
False Positive
Unknown
Vendors
Fastify