CyberSec.Space Logo
Back to CVE Browser

CVE-2021-21322

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile43.31th
PublishedMar 2, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.

Affected Platforms (CPE)

πŸ“¦
Fastify Http Proxy Project

Fastify Http Proxy

< 4.3.1

References & Advisories

πŸ”— https://github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016
πŸ”— https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w
πŸ”— https://www.npmjs.com/package/fastify-http-proxy
πŸ”— https://github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016
πŸ”— https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w
πŸ”— https://www.npmjs.com/package/fastify-http-proxy

Related Vulnerabilities

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...