Avoid using all malicious instances of the plaid-tiny-quickstart package.

@fastify/reply-from/.../reply-from@8.0.0 vulnerabilities

forward your HTTP request to another server, for fastify

latest version

12.0.0

latest non vulnerable version

12.0.0

first published

2 years ago

latest version published

14 days ago

licenses detected

MIT
>=0

View reply-from package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @fastify/reply-from package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M HTTP Request Smuggling @fastify/reply-from is a forward your HTTP request to another server, for fastify Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of the `ContentType` header with additional whitespace and charset information. An attacker can bypass security checks by crafting a header that exploits this behavior. How to fix HTTP Request Smuggling? Upgrade `@fastify/reply-from` to version 9.6.0 or higher.	<9.6.0

HTTP Request Smuggling

@fastify/reply-from is a forward your HTTP request to another server, for fastify

Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of the ContentType header with additional whitespace and charset information. An attacker can bypass security checks by crafting a header that exploits this behavior.

How to fix HTTP Request Smuggling?

Upgrade @fastify/reply-from to version 9.6.0 or higher.

<9.6.0

Go back to all versions of this package