H1-1025575 — Vulnetix

H1-1025575 PUBLISHED CVSS 5.900000095367432 MEDIUM

Default behavior of Fastifys versioned routes can be used for cache poisoning when Fastify is used in combination with a http cache / CDN

Risk Scores

CVSS 3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

Default behavior of Fastifys versioned routes can be used for cache poisoning when Fastify is used in combination with a http cache / CDN (hackerone)
Default behavior of Fastifys versioned routes can be used for cache poisoning when Fastify is used in combination with a http cache / CDN (hackerone)

Timeline

Dec 10, 2020 CVE Published
Dec 10, 2020 PoC Published

References

Default behavior of Fastifys versioned routes can be used for cache poisoning when Fastify is used in combination with a http cache / CDN advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›