VYPR

npm package

@fastify/http-proxy

pkg:npm/%40fastify/http-proxy

Vulnerabilities (1)

  • CVE-2026-33805HigApr 15, 2026
    affected < 11.4.4fixed 11.4.4

    @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests