Jsumners

**Name of the Vulnerable Software and Affected Versions** fastify versions 5.3.2 through 5.8.4 **Description** Applications using `schema.body.content` for per-content-type body validation are subject to a validation bypass. By prepending a space to the Content-Type header, the body is still parsed correctly, but the schema validation is skipped entirely. **Recommendations** Upgrade to version 5.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Fastify versions prior to 5.7.2 **Description** Fastify is a web framework for Node.js. A validation bypass exists where request body validation schemas specified by Content-Type can be circumvented. Appending a tab character (`t`) followed by arbitrary content to the Content-Type header allows attackers to bypass body validation while the server processes the body as the original content type. The affected API endpoint receives requests with a Content-Type header, and the vulnerable parameter is the Content-Type header itself. **Recommendations** Update to version 5.7.2 or later.