CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-21322

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile43.31th
Published2021年3月2日
Last Modified2024年11月21日

Vulnerability Description

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.

Affected Platforms (CPE)

📦
Fastify Http Proxy Project

Fastify Http Proxy

< 4.3.1

References & Advisories

🔗 https://github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016
🔗 https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w
🔗 https://www.npmjs.com/package/fastify-http-proxy
🔗 https://github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016
🔗 https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w
🔗 https://www.npmjs.com/package/fastify-http-proxy

関連する脆弱性情報

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are ...

CVE-2026-477507.8

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and mo...

CVE-2026-477477.8

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and mo...