GHSA-c4qr-gmr9-v23w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c4qr-gmr9-v23w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-c4qr-gmr9-v23w/GHSA-c4qr-gmr9-v23w.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-c4qr-gmr9-v23w
- Aliases
- Related
- Published
- 2021-03-03T02:18:08Z
- Modified
- 2023-11-01T04:54:11.946415Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- Prefix escape
- Details
-
Impact
By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is
/pub/, a user expect that accessing/privon the target service would not be possible. Unfortunately, it is.CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Patches
All releases after v4.3.1 include the fix.
Workarounds
There are no workaround available.
For more information
If you have any questions or comments about this advisory: * Open an issue in fastify-reply-from * Email us at hello@matteocollina.com
- Database specific
{ "github_reviewed_at": "2021-03-02T03:32:25Z", "nvd_published_at": "2021-03-02T04:15:00Z", "cwe_ids": [ "CWE-20" ], "severity": "LOW", "github_reviewed": true }- References
Affected packages
npm / fastify-http-proxy
Package
- Name
- fastify-http-proxy
- View open source insights on deps.dev
- Purl
- pkg:npm/fastify-http-proxy