{"id":"CVE-2020-8192","details":"A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.","aliases":["GHSA-xw5p-hw6r-2j98"],"modified":"2026-04-11T12:35:08.310022Z","published":"2020-07-30T13:15:11.313Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:fastify:fastify:3.0.0:rc4:*:*:*:node.js:*:*","extracted_events":[{"last_affected":"3.0.0-rc4"}],"source":"CPE_FIELD"}]},"references":[{"type":"EVIDENCE","url":"https://hackerone.com/reports/903521"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fastify/fastify","events":[{"introduced":"0"},{"last_affected":"6b0ffc6672fb2bf4ba8e4337958c5ee46e6e0300"}],"database_specific":{"cpe":"cpe:2.3:a:fastify:fastify:2.14.1:*:*:*:*:node.js:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"2.14.1"}],"source":"CPE_FIELD"}}],"versions":["v0.1.0","v0.10.0","v0.11.0","v0.11.1","v0.12.0","v0.13.0","v0.13.1","v0.14.0","v0.14.1","v0.15.0","v0.15.1","v0.15.2","v0.15.3","v0.16.0","v0.17.0","v0.18.0","v0.19.0","v0.19.1","v0.2.0","v0.20.0","v0.20.1","v0.21.0","v0.22.0","v0.23.0","v0.24.0","v0.25.0","v0.25.1","v0.25.2","v0.25.3","v0.26.0","v0.26.1","v0.26.2","v0.27.0","v0.28.0","v0.28.1","v0.28.2","v0.29.0","v0.29.1","v0.29.2","v0.3.0","v0.30.0","v0.30.1","v0.30.2","v0.30.3","v0.31.0","v0.32.0","v0.33.0","v0.34.0","v0.35.0","v0.35.1","v0.35.2","v0.35.3","v0.35.4","v0.35.5","v0.35.6","v0.35.7","v0.36.0","v0.37.0","v0.38.0","v0.39.0","v0.39.1","v0.4.0","v0.40.0","v0.41.0","v0.42.0","v0.43.0","v0.5.0","v0.6.0","v0.7.0","v0.7.1","v0.8.0","v0.9.0","v1.0.0","v1.0.0-rc.1","v1.0.0-rc.2","v1.0.0-rc.3","v1.1.0","v1.1.1","v1.10.0","v1.11.0","v1.11.1","v1.11.2","v1.12.0","v1.12.1","v1.13.0","v1.2.0","v1.2.1","v1.3.0","v1.3.1","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.9.0","v2.0.0","v2.0.0-rc.0","v2.0.0-rc.1","v2.0.0-rc.2","v2.0.0-rc.3","v2.0.0-rc.4","v2.0.0-rc.5","v2.0.0-rc.6","v2.0.1","v2.1.0","v2.10.0","v2.11.0","v2.12.0","v2.12.1","v2.13.0","v2.13.1","v2.14.1","v2.2.0","v2.3.0","v2.4.0","v2.4.1","v2.5.0","v2.6.0","v2.7.0","v2.7.1","v2.8.0","v2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8192.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}