{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T21:35:18.120","vulnerabilities":[{"cve":{"id":"CVE-2022-41919","sourceIdentifier":"security-advisories@github.com","published":"2022-11-22T20:15:11.110","lastModified":"2024-11-21T07:24:04.130","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as \"application/x-www-form-urlencoded\", \"multipart/form-data\", or \"text/plain\", could potentially be used to invoke routes that only accepts `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf'."},{"lang":"es","value":"Fastify es un framework web con una arquitectura de complementos y gastos generales mínimos. El atacante puede utilizar el \"Content-Type\" incorrecto para omitir la comprobación \"Pre-Flight\" de \"fetch\". Las solicitudes `fetch()` con la esencia de Content-Type como \"application/x-www-form-urlencoded\", \"multipart/form-data\" o \"text/plain\", podrían usarse potencialmente para invocar rutas que solo acepta el tipo de contenido `application/json`, evitando así cualquier protección CORS y, por lo tanto, podría provocar un ataque de Cross-Site Request Forgery (CSRF). Este problema se solucionó en las versiones 4.10.2 y 3.29.4. Como workaround, implemente la protección contra Cross-Site Request Forgery (CSRF) utilizando `@fastify/csrf'."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastify:fastify:*:*:*:*:*:node.js:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.29.4","matchCriteriaId":"F1CB15D8-00EF-409B-8BE4-E1891670B7C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fastify:fastify:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.10.2","matchCriteriaId":"B1452A5E-6C6B-45D9-B27F-75DE3D457CC4"}]}]}],"references":[{"url":"https://github.com/fastify/fastify/commit/62dde76f1f7aca76e38625fe8d983761f26e6fc9","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.npmjs.com/package/%40fastify/csrf","source":"security-advisories@github.com"},{"url":"https://github.com/fastify/fastify/commit/62dde76f1f7aca76e38625fe8d983761f26e6fc9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.npmjs.com/package/%40fastify/csrf","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}