GHSA-qmw8-3v4g-gwj4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qmw8-3v4g-gwj4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-qmw8-3v4g-gwj4/GHSA-qmw8-3v4g-gwj4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-qmw8-3v4g-gwj4
- Aliases
- Related
- Published
- 2021-03-03T01:52:05Z
- Modified
- 2023-11-01T04:54:11.886750Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- Prefix escape
- Details
-
Impact
By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is
/pub/, a user expect that accessing/privon the target service would not be possible. Unfortunately, it is.CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Patches
A patch have been submitted by Corey Farrell git@cfware.com, the reporter. All releases after v4.0.2 include the fix.
Workarounds
There are no workaround available.
For more information
If you have any questions or comments about this advisory: * Open an issue in fastify-reply-from * Email us at hello@matteocollina.com
- Database specific
{ "nvd_published_at": "2021-03-02T04:15:00Z", "github_reviewed_at": "2021-03-02T03:32:13Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }- References
Affected packages
npm / fastify-reply-from
Package
- Name
- fastify-reply-from
- View open source insights on deps.dev
- Purl
- pkg:npm/fastify-reply-from