Lucene search
K

6 matches found

EUVD
EUVD
added 2025/12/02 12:38 a.m.4 views

EUVD-2025-200117

fastify-reply-from affected by bypass of reply forwarding...

6.9CVSS6.4AI score0.00152EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/02 12:38 a.m.8 views

fastify-reply-from affected by bypass of reply forwarding

Summary By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...

6.9CVSS6.8AI score0.00152EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/01 11:15 p.m.4 views

CVE-2025-66415

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...

6.9CVSS0.00152EPSS
Exploits0References2
OSV
OSV
added 2025/12/01 10:39 p.m.6 views

CVE-2025-66415 fastify-reply-from bypass of reply forwarding

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...

6.9CVSS6.7AI score0.00152EPSS
Exploits0References4
CVE
CVE
added 2025/12/01 10:39 p.m.12 views

CVE-2025-66415

CVE-2025-66415 affects the Fastify plugin @fastify/reply-from . Affected versions allow bypassing route restrictions by crafting a malicious URL, enabling access to routes that should be disallowed when using reply.from. The vulnerability is described across multiple sources as a bypass of reply ...

6.9CVSS6.4AI score0.00152EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.7 views

PT-2025-48579

Name of the Vulnerable Software and Affected Versions fastify-reply-from versions prior to 12.5.0 Description fastify-reply-from is a Fastify plugin used to forward HTTP requests to another server. Versions of the plugin prior to 12.5.0 contain a flaw where a malicious URL can be crafted to allow...

6.9CVSS5.4AI score0.00152EPSS
Exploits0References8
Rows per page
Query Builder