CVE-2021-21321 | fastify-reply-from is an npm package which is a fastify plug… | CVSS 10.0 CRITICAL

Description

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2.

Metadata

CVE ID: CVE-2021-21321
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2020-12-22 00:00 UTC
Published: 2021-03-02 03:35 UTC
Last updated: 2024-08-03 18:09 UTC
Primary CWE: CWE-20
CWE-20 Improper Input Validation
Vendor / Product: fastify / fastify-reply-from
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
fastify	fastify-reply-from	—	< 4.0.2

Weakness (CWE)

CWE	Source	Description
CWE-20	cna	CWE-20 Improper Input Validation

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

References (3)