Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.
Weakness
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fastify | Fastify | * | 5.7.2 (excluding) |
| Red Hat OpenShift AI 2.16 | RedHat | rhoai/odh-dashboard-rhel8:1774282136 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-dashboard-rhel9:1776742021 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-mod-arch-model-registry-rhel9:1776742141 | * |
| Red Hat OpenShift Dev Spaces 3.27 | RedHat | devspaces/dashboard-rhel9:1774476526 | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/105.html
- https://cwe.mitre.org/data/definitions/273.html
- https://cwe.mitre.org/data/definitions/34.html
References
- https://fastify.dev/docs/latest/Reference/Validation-and-Serialization
- https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125
- https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272
- https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821
- https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq
- https://hackerone.com/reports/3464114