Lucene search
K

5 matches found

Node.js
Node.js
added 2021/03/03 2:22 a.m.36 views

Prefix escape

Overview In fastify-http-proxy before version 4.3.1, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessing /priv on the target service would not be possible. Unfortunately, it is...

7.5CVSS9.4AI score0.01924EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/03/03 2:18 a.m.6 views

@ddot/ddot-plugin-webpack (>=0.0.3 <=0.0.14), @harmonyjs/controller-auth-jwt (>=1.0.0 <=1.0.0-rc2.6) +8 more potentially affected by CVE-2021-21322 via fastify-http-proxy (>=0.7.0 <=4.1.0)

fastify-http-proxy NPM version =0.7.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0-alpha.2, =0.2.0, =1.1.0, =1.5.5 Source cves: CVE-2021-21322 Source advisory: OSV:GHSA-C4QR-GMR9-V23W...

10CVSS7.2AI score0.01924EPSS
Exploits0
OSV
OSV
added 2021/03/02 4:15 a.m.11 views

CVE-2021-21322

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessin...

9.8CVSS9.2AI score
Exploits0References3
Cvelist
Cvelist
added 2021/03/02 3:35 a.m.43 views

CVE-2021-21322 Prefix escape

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessin...

10CVSS9.5AI score0.01924EPSS
Exploits0References3
CVE
CVE
added 2021/03/02 3:35 a.m.155 views

CVE-2021-21322

CVE-2021-21322 affects the npm package fastify-http-proxy (a Fastify plugin for proxying HTTP requests). The vulnerability allows an attacker to escape the prefix of the proxied backend service by crafting a specific URL, potentially exposing or tampering with data exposed by the backend (confide...

10CVSS9.2AI score0.01924EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder