admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-09 03:57:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-02 04:00:44 +00:00
parent 60bf66ccdd
commit 8f597d1b60
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2021/21xxx/CVE-2021-21321.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service.\nIf the base url of the proxied server is \"/pub/\", a user expect that accessing \"/priv\" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2."
"value": "fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is \"/pub/\", a user expect that accessing \"/priv\" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2."
}
]
},