A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote malicious users to redirect users to arbitrary websites via a double slash // followed by a domain: localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fastify fastify-static |