8 matches found
PT-2026-45490
Summary: EntryPoint::FromStr in rattler conda types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...
Prefix escape
Overview: In fastify-http-proxy before version 4.3.1, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base URL of the proxied server is /pub/, a user expects that accessing /priv on the target service would not be possible. Unfortunately, it is...
Prefix escape
Overview: In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base URL of the proxied server is /pub/, a user expects that accessing /priv on the target service would not be possible. Unfortunately, it is...
CVE-2021-21321
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server i...
CVE-2021-21321 Prefix escape
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server i...
CVE-2021-21322 Prefix escape
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base URL of the proxied server is /pub/, a user expects that accessin...
fastify-http-proxy input validation error vulnerability
Docs fastify-http-proxy is an open source application from Docs. It is used to forward all incoming requests with a given prefix or no prefix to the upstream. A security vulnerability exists in fastify-http-proxy that stems from the ability to escape the prefix of a proxy backend service by creating ...
fastify-reply-from input validation error vulnerability
Matteo Collina fastify-reply-from is an open source application from Matteo Collina. It is used to forward the current http request to another server. A security vulnerability exists in fastify-reply-from before version 4.0.2, which can be exploited to escape the prefix of a proxy backend service by...