Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 02/03/2021 Updated: 08/03/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fastify-http-proxy project fastify-http-proxy

CWE-20 https://github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016 https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w https://www.npmjs.com/package/fastify-http-proxy https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-21322

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect