Lucene search

K
osvGoogleOSV:CVE-2021-22964
HistoryOct 14, 2021 - 3:15 p.m.

CVE-2021-22964

2021-10-1415:15:08
Google
osv.dev
4

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

A redirect vulnerability in the fastify-static module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the URL contains invalid characters curl --path-as-is "http://localhost:3000//^/.."The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%