Improper Validation of Specified Type of Input

CVE-2025-32442

Severity High
Score 7.5/10

Summary

Fastify is a fast and low-overhead web framework for Node.js. In versions 4.29.0 and 5.0.0-alpha.4 through 5.3.0, applications that specify different validation strategies for different content types can have validation bypassed by a request that supplies a slightly altered content type, such as one with different casing or altered whitespace before `;`. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2. A workaround involves not specifying individual content types in the schema.
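A simplified model of the flaw described above, as an added example that is not Fastify's code: body validators are keyed by content type, and the lookup either uses the header as sent or normalizes it first. The `validators` table, the function names and the sample headers are constructed for illustration, and rejecting unlisted content types is this example's own choice.

```javascript
// Added illustration, not Fastify's source. Per-content-type body validators,
// modelled on the "different validation strategies" the advisory mentions.
const validators = new Map([
  ['application/json', (body) =>
    typeof body === 'object' && body !== null && typeof body.name === 'string'],
  ['text/plain', (body) => typeof body === 'string' && body.length <= 64],
]);

// Weak lookup: parameters are cut at ';' but the media type is used as sent,
// so a change in case or a space before ';' misses the table and no
// validator runs at all.
function validateExact(contentTypeHeader, body) {
  const key = String(contentTypeHeader).split(';')[0];
  const validator = validators.get(key);
  return validator ? validator(body) : true; // no match: body accepted unchecked
}

// Media types are case-insensitive, so compare them in one canonical form:
// parameters dropped, surrounding whitespace trimmed, lowercased.
function normalizeMediaType(contentTypeHeader) {
  return String(contentTypeHeader).split(';')[0].trim().toLowerCase();
}

// Hardened lookup: normalize first, and reject content types that have no
// validator instead of letting them through (assumption of this example).
function validateNormalized(contentTypeHeader, body) {
  const validator = validators.get(normalizeMediaType(contentTypeHeader));
  return validator ? validator(body) : false;
}

// Constructed sample input: a body that violates the JSON schema, sent with
// the canonical header and with the two variations the advisory names.
const invalidBody = { name: 42 };
const sampleHeaders = [
  'application/json',
  'Application/JSON',
  'application/json ; charset=utf-8',
];

function compareLookups() {
  return sampleHeaders.map((header) => ({
    header,
    exactAccepts: validateExact(header, invalidBody),
    normalizedAccepts: validateNormalized(header, invalidBody),
  }));
}

console.table(compareLookups());
```

The same comparison works as a regression test against an upgraded application: send a schema-violating body under each header variation and confirm every request is rejected.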

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-1287 - Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Advisory Timeline

  • Published