Homepage
About Snyk

fastify-static@4.3.0 vulnerabilities

`fastify-static@4.7.0` has been deprecated. Please use `@fastify/static@5.0.0` instead.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the fastify-static package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Open Redirect

fastify-static is a plugin for serving static files as fast as possible.

Affected versions of this package are vulnerable to Open Redirect via a double slash followed by a domain. This may lead to a Denial-of-Service if the url contains invalid characters such as curl --path-as-is "http://localhost:3000//^/..".

Note: This only applies to Mozilla Firefox users, and if the application sets redirect: true, which is false by default.

How to fix Open Redirect?

Upgrade fastify-static to version 4.4.1 or higher.

>=4.2.4 <4.4.1
Go back to all versions of this package