CVE-2021-21321
The CVE affects the npm package fastify-reply-from (a Fastify plugin used to forward requests to a backend). In versions prior to 4.0.2, a crafted URL could escape the proxied backend’s prefix (for example base URL /pub/), allowing access to resources that should be out of scope. Impact is data c...