Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as with different casing or altered whitespacing before ;. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2 and v4.29.1. A workaround involves not specifying individual content types in the schema.
{
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32442.json",
"cwe_ids": [
"CWE-1287"
]
}{
"cpe": [
"cpe:2.3:a:fastify:fastify:*:*:*:*:*:node.js:*:*",
"cpe:2.3:a:fastify:fastify:4.29.0:*:*:*:*:node.js:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.3.2"
},
{
"introduced": "4.29.0"
},
{
"last_affected": "4.29.0"
}
]
}