6 matches found
EUVD-2025-200117
fastify-reply-from affected by bypass of reply forwarding...
fastify-reply-from affected by bypass of reply forwarding
Summary By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...
CVE-2025-66415
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...
CVE-2025-66415 fastify-reply-from bypass of reply forwarding
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...
CVE-2025-66415
CVE-2025-66415 affects the Fastify plugin @fastify/reply-from . Affected versions allow bypassing route restrictions by crafting a malicious URL, enabling access to routes that should be disallowed when using reply.from. The vulnerability is described across multiple sources as a bypass of reply ...
PT-2025-48579
Name of the Vulnerable Software and Affected Versions fastify-reply-from versions prior to 12.5.0 Description fastify-reply-from is a Fastify plugin used to forward HTTP requests to another server. Versions of the plugin prior to 12.5.0 contain a flaw where a malicious URL can be crafted to allow...