@fastify/reply-from@7.0.1 vulnerabilities

forward your HTTP request to another server, for fastify

latest version

9.8.0
latest non vulnerable version

10.0.0
first published

2 years ago
latest version published

12 days ago
View @fastify/reply-from package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @fastify/reply-from package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M HTTP Request Smuggling @fastify/reply-from is a forward your HTTP request to another server, for fastify Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of the `ContentType` header with additional whitespace and charset information. An attacker can bypass security checks by crafting a header that exploits this behavior. How to fix HTTP Request Smuggling? Upgrade `@fastify/reply-from` to version 9.6.0 or higher.	<9.6.0

HTTP Request Smuggling

@fastify/reply-from is a forward your HTTP request to another server, for fastify

Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of the ContentType header with additional whitespace and charset information. An attacker can bypass security checks by crafting a header that exploits this behavior.

How to fix HTTP Request Smuggling?

Upgrade @fastify/reply-from to version 9.6.0 or higher.

<9.6.0

Go back to all versions of this package

@fastify/reply-from@7.0.1 vulnerabilities

forward your HTTP request to another server, for fastify

latest version

latest non vulnerable version

first published

latest version published

Direct Vulnerabilities