fastify-reply-from is vulnerable to authorization bypass. An attacker is able to escape the prefix of the proxied backend service and access restricted service such as the parent of the base URL.
CPE | Name | Operator | Version |
---|---|---|---|
fastify-reply-from | le | 4.0.2 |