CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-21321

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile36.54th
Published2021年3月2日
Last Modified2024年11月21日

Vulnerability Description

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2.

Affected Platforms (CPE)

📦
Fastify Reply From Project

Fastify Reply From

< 4.0.2

References & Advisories

🔗 https://github.com/fastify/fastify-reply-from/commit/dea227dda606900cc01870d08541b4dcc69d3889
🔗 https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4
🔗 https://www.npmjs.com/package/fastify-reply-from
🔗 https://github.com/fastify/fastify-reply-from/commit/dea227dda606900cc01870d08541b4dcc69d3889
🔗 https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4
🔗 https://www.npmjs.com/package/fastify-reply-from

相关漏洞威胁

CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are ...

CVE-2026-477507.8

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and mo...

CVE-2026-477477.8

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and mo...

CVE-2026-464485.4

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement a...