This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x).
There are no known workaround.
Reported at https://hackerone.com/reports/1816195.
{ "nvd_published_at": "2023-02-14T16:15:00Z", "github_reviewed_at": "2023-02-14T21:49:55Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-400", "CWE-770" ] }