A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/...The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
[
{
"product": "https://github.com/fastify/fastify-static",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects < v4.2.4. Fixed in >= v4.2.4"
}
]
}
]