This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:fastify:fastify-multipart:*:*:*:*:*:fastify:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "5.3.1"
}
]
}