Description
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
Remediation
References
https://hackerone.com/reports/903521