Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@fastify-reply-from JSON Content-Type parsing confusion
Vulnerability Description
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Fastify 安全漏洞
Vulnerability Description
Fastify是OpenJS基金会的一款用于Node.js的开源Web框架。 Fastify fastify-reply-from 9.6.0之前版本存在安全漏洞,该漏洞源于使用fastify/reply-from通过header传递正文可能会被误解,导致绕过安全检查。
CVSS Information
N/A
Vulnerability Type
N/A