8 matches found
PT-2026-45490
Name of the Vulnerable Software and Affected Versions rattler versions prior to 0.43.2 pixi versions prior to 0.69.0 rattler-build versions prior to 0.65.0 py-rattler affected versions not specified Description The EntryPoint::FromStr function in rattler conda types only applies a .trim operation...
Prefix escape
Overview In fastify-http-proxy before version 4.3.1, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessing /priv on the target service would not be possible. Unfortunately, it is...
Prefix escape
Overview In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessing /priv on the target service would not be possible. Unfortunately, it is...
CVE-2021-21321
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server i...
CVE-2021-21321 Prefix escape
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server i...
CVE-2021-21322 Prefix escape
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessin...
fastify-reply-from 存在输入验证错误漏洞
Matteo Collina fastify-reply-from is Matteo Collina an open source application . It is used to forward the current http request to another server. A security vulnerability exists in fastify-reply-from before version 4.0.2, which can be exploited to escape the prefix of a proxy backend service by...
fastify-http-proxy 输入验证错误漏洞
Docs fastify-http-proxy is Docs an open source application . It is used to forward all incoming requests with a given prefix or no prefix to the upstream. A security vulnerability exists in fastify-http-proxy that stems from the ability to escape the prefix of a proxy backend service by creating ...