VEX for CVE-2025-32442:  In fastify different validation strategies for different content types have a possibility to bypass validation

Dependabot has reported the following vulnerability: CVE-2025-32442

Csaf-validator-service is not affected by this vulnerability because :

- only the versions v1.3.50 and v1.3.51 of the csaf-validator-service have dependencies to the affected fastify versions
-  csaf-validator-service uses  only one content type (JSON) and has no validation strategies


In Version v1.3.52 the dependency to fastify is updated to a non-vulnerable version


This is shown in the following VAX:

[bsi-2025-0003.json](https://github.com/user-attachments/files/19866202/bsi-2025-0003.json)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

VEX for CVE-2025-32442: In fastify different validation strategies for different content types have a possibility to bypass validation #148

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

VEX for CVE-2025-32442: In fastify different validation strategies for different content types have a possibility to bypass validation #148

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions