GHSA-2Q7R-29RG-6M5H fastify-reply-from affected by bypass of reply forwarding
Summary By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...