Published on: 10/14/2021 12:00:00 AM UTC
Last Modified on: 10/14/2021 03:25:00 PM UTC
The following vulnerability was found:
A redirect vulnerability in the fastify-static module versions < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue affects all fastify-static applications that set the redirect: true option. By default, it is false.
- CVE-2021-22963 has been assigned by [email protected] to track the vulnerability
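
One way to keep a trailing-slash redirect on the same origin, as an added example (not fastify-static's own code; the function names and the origin.invalid base are assumptions made for illustration). A Location value that begins with // is resolved by browsers as a scheme-relative URL, so the check below rejects it and the builder collapses leading slashes before redirecting.

```javascript
// Added example; helper names are hypothetical, not part of fastify-static.

// Placeholder origin used only to resolve relative Location values.
const BASE = new URL('http://origin.invalid')

// True when a Location value would send the browser to another origin:
// scheme-relative ("//host"), backslash variants that browsers treat as
// slashes, or absolute URLs.
function leavesOrigin (location) {
  if (/^[/\\]{2}/.test(location)) return true
  try {
    return new URL(location, BASE).origin !== BASE.origin
  } catch {
    return true // unparsable target: treat as unsafe
  }
}

// What a redirect looks like when the raw request URL is reused as-is.
function naiveDirectoryRedirect (rawUrl) {
  return rawUrl + '/'
}

// Build the trailing-slash target for a directory request, collapsing any
// run of leading slashes or backslashes to a single "/" so the result is
// always a path on the current origin.
function safeDirectoryRedirect (rawUrl) {
  const q = rawUrl.indexOf('?')
  const path = q === -1 ? rawUrl : rawUrl.slice(0, q)
  const query = q === -1 ? '' : rawUrl.slice(q)
  const collapsed = '/' + path.replace(/^[/\\]+/, '')
  const target = (collapsed.endsWith('/') ? collapsed : collapsed + '/') + query
  if (leavesOrigin(target)) throw new Error('refusing off-origin redirect')
  return target
}

// Constructed sample inputs: the path from the advisory plus two controls.
const samples = ['//google.com/%2e%2e', '/docs', '/docs?x=1']
for (const url of samples) {
  const naive = naiveDirectoryRedirect(url)
  console.log(url, '| naive:', naive, 'off-origin:', leavesOrigin(naive),
    '| safe:', safeDirectoryRedirect(url))
}
```

The same `leavesOrigin` check can be run over recorded `Location` response headers to spot redirects that leave the serving origin.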
|HackerOne|| hackerone.com |
|@CVEreport||CVE-2021-22963 : A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to r… twitter.com/i/web/status/1…||2021-10-14 15:09:06|
|@threatmeter||fastify-static up to 4.2.3 redirect [CVE-2021-22963] A vulnerability, which was classified as problematic, was foun… twitter.com/i/web/status/1…||2021-10-15 07:50:25|