CVE-2021-21321 Information
Description
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2 by crafting a specific URL it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/\ a user expect that accessing /priv\ on the target service would not be possible. In affected versions it is possible. This is fixed in version 4.0.2.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Reference
https://www.npmjs.com/package/fastify-reply-from
https://github.com/fastify/fastify-reply-from/commit/dea227dda606900cc01870d08541b4dcc69d3889
https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4
fastify-reply-from
is
an
npm
package
which
is
a
fastify
plugin
to
forward
the
current
http
request
to
another
server.
In
fastify-reply-from
before
version
4.0.2
by
crafting
a
specific
URL
it
is
possible
to
escape
the
prefix
of
the
proxied
backend
service.
If
the
base
url
of
the
proxied
server
is
/pub/
a
user
expect
that
accessing
/priv
on
the
target
service
would
not
be
possible.
In
affected
versions
it
is
possible.
This
is
fixed
in
version
4.0.2.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
10.0
Share on: