Lucene search
HackeroneCVELIST:CVE-2021-22963HistoryOct 14, 2021 - 2:50 p.m.
CVE-2021-22963
2021-10-1414:50:11
CWE-601
hackerone
www.cve.org
4
fastify-static
redirect vulnerability
cve-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/...The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
CNA Affected
[
{
"product": "https://github.com/fastify/fastify-static",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects < v4.2.4. Fixed in >= v4.2.4"
}
]
}
]References
Related
github
github
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static
2021-10-05 20:24:49
nvd
nvd
CVE-2021-22963
2021-10-14 15:15:08
prion
prion
Design/Logic Flaw
2021-10-14 15:15:00
redhatcve
redhatcve
CVE-2021-22963
2021-10-18 15:05:10
osv
osv
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static
2021-10-05 20:24:49
CVE-2021-22963
2021-10-14 15:15:08
cve
cve
CVE-2021-22963
2021-10-14 15:15:08
hackerone
hackerone
redhat
redhat