MEDIUM🇵🇱 Wersja polska

CVE-2023-51701

CVSS 5.3v3.1pub. 2024-01-08upd. 2024-11-21

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Fastify Reply From

    APP
    Fastify
    < 9.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-33805CRITICAL9.0PL ✓ten sam produkt

Usuwanie nagłówków proxy przez manipulację nagłówkiem Connection w @fastify/reply-from

CVE-2025-66415MEDIUM6.9ten sam produkt

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0,...

CVE-2026-14198CRITICAL9.1ten sam vendor

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before ...

CVE-2026-6556CRITICAL9.1ten sam vendor

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the...

CVE-2026-6270CRITICAL9.1PL ✓ten sam vendor

Pominięcie uwierzytelnienia w @fastify/middie — brak dziedziczenia middleware