CVE-2022-39386: 
JavaScript vulnerability analysis and mitigation

The vulnerability (CVE-2022-39386) affects @fastify/websocket, a WebSocket support package for Fastify. The issue was discovered and disclosed on November 4, 2022, affecting versions 5.0.0 and versions greater than or equal to 6.0.0 but less than 7.1.1. The vulnerability could allow an application using @fastify/websocket to crash when receiving a specific, malformed packet (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High severity). The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requiring No privileges (PR:N) and No user interaction (UI:N). The scope is Unchanged (S:U), with No impact on confidentiality (C:N) or integrity (I:N), but High impact on availability (A:H) (GitHub Advisory).

The primary impact of this vulnerability is on system availability. When exploited, the vulnerability can cause the application to crash upon receiving a specially crafted malformed packet (GitHub Advisory).

The vulnerability has been patched in versions 7.1.1 (for Fastify v4) and 5.0.1 (for Fastify v3). No known workarounds are available, though it may be possible to attach an error handler manually. The recommended solution is to upgrade to the patched versions (GitHub Advisory).