EPSS
Percentile
70.7%
fastify-http-proxy is vulnerable to authorization bypass. An attacker is able to escape the prefix of the proxied backend service and access restricted service such as the parent of the base URL.
github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016
github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w
www.npmjs.com/advisories/1645
www.npmjs.com/package/fastify-http-proxy