5 matches found
Improper Access Control
fastify-reply-from is vulnerable to Improper Access Control. The vulnerability is due to insufficient validation of forwarded URLs in reply.from, which allows an attacker to craft malicious URLs and access unauthorized routes...
CVE-2025-66415 fastify-reply-from bypass of reply forwarding
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...
Fastify Security Vulnerability
Fastify is an open-source web framework. A security vulnerability exists in Fastify because an attacker can construct malicious URLs to access unauthorized routes, potentially leading to access beyond the attacker's privileges...
GHSA-HGGV-MCP4-VXC5 Improper Authentication in FreeTAKServer
FreeTAKServer is an open source, lightweight server for connecting TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create...
RIP Poisoning Routing Table Modification
The remote RIP listener accepts routes that are not sent by a neighbor. This cannot happen in the RIP protocol as defined by RFC2453, and although the RFC is silent on this point, such routes should probably be ignored. A remote attacker might use this flaw to access the local network if it is no...