Filtered by vendor Fastify
Subscriptions
Filtered by product Reply-from
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66415 | 1 Fastify | 1 Reply-from | 2025-12-02 | N/A |
| fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0. | ||||
| CVE-2023-51701 | 1 Fastify | 1 Reply-from | 2025-06-03 | 5.3 Medium |
| fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0. | ||||
Page 1 of 1.