{"url":"http://public2.vulnerablecode.io/api/packages/113050?format=json","purl":"pkg:npm/fastify@0.36.0","type":"npm","namespace":"","name":"fastify","version":"0.36.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.38.0","latest_non_vulnerable_version":"5.8.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12489?format=json","vulnerability_id":"VCID-gk5s-jk8s-7fet","summary":"Denial of Service via large JSON payload\nFastify is vulnerable to a denial-of-service attack by sending a request with Content-Type set to application/json and a very large payload.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3711","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56264","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3711"},{"reference_url":"https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76"},{"reference_url":"https://github.com/fastify/fastify/pull/627","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fastify/fastify/pull/627"},{"reference_url":"https://github.com/fastify/fastify/releases/tag/v0.38.0","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/fastify/fastify/releases/tag/v0.38.0"},{"reference_url":"https://hackerone.com/reports/303632","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://hackerone.com/reports/303632"},{"reference_url":"https://www.npmjs.com/advisories/564","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/564"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/364.json","reference_id":"364","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/364.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3711","reference_id":"CVE-2018-3711","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3711"},{"reference_url":"https://github.com/advisories/GHSA-mq6c-fh97-4gwv","reference_id":"GHSA-mq6c-fh97-4gwv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mq6c-fh97-4gwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54584?format=json","purl":"pkg:npm/fastify@0.38.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/fastify@0.38.0"}],"aliases":["CVE-2018-3711","GHSA-mq6c-fh97-4gwv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gk5s-jk8s-7fet"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/fastify@0.36.0"}