What the vulnerability does

01Description

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.

Key dates

02Disclosure timeline

July 30, 2020 CVE published
August 4, 2024 Record updated