VYPR

npm package

@fastify/reply-from

pkg:npm/%40fastify/reply-from

Vulnerabilities (3)

  • CVE-2026-33805HigApr 15, 2026
    affected < 12.6.2fixed 12.6.2

    @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests

  • CVE-2025-66415Dec 1, 2025
    affected < 12.5.0fixed 12.5.0

    fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This

  • CVE-2023-51701Jan 8, 2024
    affected < 9.6.0fixed 9.6.0

    fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass