EPSS
Percentile
70.7%
fastify-reply-from is vulnerable to authorization bypass. An attacker is able to escape the prefix of the proxied backend service and access restricted service such as the parent of the base URL.
github.com/fastify/fastify-reply-from/commit/dea227dda606900cc01870d08541b4dcc69d3889
github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4
www.npmjs.com/advisories/1642
www.npmjs.com/package/fastify-reply-from