Fastify
cpe:2.3:a:fastify:fastify:*:*:*:*:node.js:*:*
- >= 5.7.2, <= 5.8.0
A vulnerability exists in Fastify versions 5.7.2 prior to 5.8.1, where the framework improperly validates 'Content-Type' headers. The issue arises because Fastify's regex for subtypes in content types lacks an end anchor, allowing headers with trailing characters to be accepted as valid. This behavior contradicts RFC 9110 §8.3.1, which specifies the correct formatting for content types. As a result, requests with malformed 'Content-Type' headers can bypass validation and be processed by the server, potentially leading to incorrect routing in applications that use regex-based content-type parsers.
Exploitation of this vulnerability allows requests with invalid 'Content-Type' headers to be processed by the server, bypassing normal validation checks. This could lead to improper handling of the request, especially in applications that rely on content-type parsing for routing or processing.
The vulnerability can be reproduced by sending a request to a Fastify server with a 'Content-Type' header that includes trailing characters after the subtype, such as 'application/json garbage'. The server will accept the header as valid and process the request, instead of rejecting it with a '415 Unsupported Media Type' response. This issue can be tested using a tool like Postman or curl, by manually adding a malformed 'Content-Type' header to the request.
Users can upgrade to Fastify version 5.8.1 or later, where this vulnerability has been patched.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.