CVE-2026-33805

A flaw was found in @fastify/reply-from and @fastify/http-proxy. A remote attacker can exploit this vulnerability by manipulating the Connection header in client requests. This allows the attacker to remove specific headers that the proxy has added for security, routing, or access control purpose...

HTTP Header Injection

Overview @fastify/http-proxy is a proxy http requests, for Fastify Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for routing, access control,...

CVE-2021-21322

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessin...

fastify-http-proxy 输入验证错误漏洞

Docs fastify-http-proxy is Docs an open source application . It is used to forward all incoming requests with a given prefix or no prefix to the upstream. A security vulnerability exists in fastify-http-proxy that stems from the ability to escape the prefix of a proxy backend service by creating ...