npm package
fastify-static
pkg:npm/fastify-static
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-22963 | — | < 4.2.4 | 4.2.4 | Oct 14, 2021 | A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications tha | ||
| CVE-2021-22964 | — | >= 4.2.4, < 4.4.1 | 4.4.1 | Oct 14, 2021 | A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnera |
- CVE-2021-22963Oct 14, 2021affected < 4.2.4fixed 4.2.4
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications tha
- CVE-2021-22964Oct 14, 2021affected >= 4.2.4, < 4.4.1fixed 4.4.1
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnera