VYPR
High severityNVD Advisory· Published Oct 14, 2021· Updated Aug 3, 2024

CVE-2021-22964

CVE-2021-22964

Description

A redirect vulnerability in the fastify-static module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DOS vulnerability is possible if the URL contains invalid characters curl --path-as-is "http://localhost:3000//^/.."The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
fastify-staticnpm
>= 4.2.4, < 4.4.14.4.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.