7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.1 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
18.0%
The main repo of fastify use fast-content-type-parse to parse request Content-Type, which will trim after split.
The fastify-reply-from have not use this repo to unify the parse of Content-Type, which won’t trim.
As a result, a reverse proxy server built with @fastify/reply-from
could misinterpret the incoming body by passing an header ContentType: application/json ; charset=utf-8
. This can lead to bypass of security checks.
@fastify/reply-from
v9.6.0 include the fix.
There are no known workarounds.
Hackerone Report: https://hackerone.com/reports/2295770.
CPE | Name | Operator | Version |
---|---|---|---|
@fastify/reply-from | lt | 9.6.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.1 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
18.0%