CVE-2021-21322 – fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requ …

2 March 2021

Vuln ID: CVE-2021-21322

Published: 2021-03-02 04:15:12Z

Description: fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.

Source: NVD.NIST.GOV

Date:

2 March 2021

Categorie(s):

NVD

Tag(s):

NVD

Discover How DeepL Write Pro Enhances Accuracy and Security26 April 2024
The #1 Reason Why Organizations Skip Security26 April 2024
Still On CentOS 6? ELevate Can Now Lift and Shift You to a Modern RHEL Clone26 April 2024
Zero Trust strategies for navigating IoT/OT security challenges26 April 2024
Second time lucky for Thoma Bravo, which scoops up Darktrace for $5.3B26 April 2024