VYPR

Reply From

by Fastify

Source repositories

CVEs (4)

  • CVE-2026-33805HigApr 15, 2026
    risk 0.49cvss 8.6epss 0.00

    @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests…

  • CVE-2025-66415Dec 1, 2025
    risk 0.00cvss epss 0.00

    fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from.…

  • CVE-2023-51701Jan 8, 2024
    risk 0.00cvss epss 0.00

    fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to…

  • CVE-2021-21321Mar 2, 2021
    risk 0.00cvss epss 0.02

    fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of…