CVE-2021-21321
Prefix escape
Descriptions
fastify-reply-from is an npm package which is a fastify plugin to forward the current HTTP request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base URL of the proxied server is "/pub/", a user expects that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2.
A flaw was found in fastify-reply-from. Escaping of the prefix of the proxied backend service is possible allowing an attacker, using a specially crafted URL, to gain access to directories that would otherwise be out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity.
Timeline
- 2020-12-22 CVE Reserved
- 2021-03-02 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-20: Improper Input Validation
References (5)
URL | Tag | Date |
---|---|---|
https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4 | Third Party Advisory | |
https://www.npmjs.com/package/fastify-reply-from | Product | |
https://github.com/fastify/fastify-reply-from/commit/dea227dda606900cc01870d08541b4dcc69d3889 | | 2021-03-09 |
https://access.redhat.com/security/cve/CVE-2021-21321 | | 2021-08-06 |
https://bugzilla.redhat.com/show_bug.cgi?id=1942178 | | 2021-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fastify-reply-from Project | Fastify-reply-from | < 4.0.2 | node.js | Affected |