CVE-2026-33805
- EPSS 0.33%
- Veröffentlicht 15.04.2026 10:13:25
- Zuletzt bearbeitet 01.06.2026 14:51:29
@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added h...
CVE-2025-66415
- EPSS 0.15%
- Veröffentlicht 01.12.2025 22:39:32
- Zuletzt bearbeitet 06.02.2026 16:56:00
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific route...
CVE-2023-51701
- EPSS 0.48%
- Veröffentlicht 08.01.2024 14:15:46
- Zuletzt bearbeitet 21.11.2024 08:38:38
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=u...