fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.
Metrics
Affected Vendors & Products
References
History
Sun, 08 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.2::el7 |
Mon, 19 Aug 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.2::el8 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-03-02T03:35:17
Updated: 2024-08-03T18:09:15.229Z
Reserved: 2020-12-22T00:00:00
Link: CVE-2021-21322
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-02T04:15:12.597
Modified: 2024-11-21T05:48:01.163
Link: CVE-2021-21322
Redhat