Browse all 5 CVE security advisories affecting Fastly. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Fastly provides a content delivery network (CDN) and edge computing platform to optimize website performance and security. Historically, the service has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from misconfigurations or flaws in its edge logic. In 2020, a critical WAF misconfiguration exposed numerous customer websites, while a 2021 RCE vulnerability in its image optimization service allowed attackers to execute arbitrary code. Despite these incidents, Fastly maintains a relatively low CVE count compared to other major cloud providers, with its security posture generally improving over time through enhanced validation and patching processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-38375 | @fastly/js-compute use-after-free in some host call implementations — js-compute-runtime (CWE-416) | 5.3 | Medium | 2024-06-26 |
| CVE-2022-39218 | Random number seed fixed during compilation — js-compute-runtime (CWE-335) | 7.5 | High | 2022-09-20 |

This page lists every published CVE security advisory associated with Fastly. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.