Https

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:https://github.com/fastify/fastify-static:*:*:*:*:*:*:*:*

part: a version: //github.com/fastify/fastify-static update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductHttps (b65e66a1-fb16-5533-954b-05eeb21e718a)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-22964 vulnerable 2026-06-08 05:30:02.033624 Details available
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnerability is possible if the URL contains invalid characters `curl --path-as-is "http://localhost:3000//^/.."`The issue shows up on all the `fastify-static` applications that set `redirect: true` option. By default, it is `false`.
Published: 2021-10-14T14:50:07.000Z
Updated: 2024-08-03T18:58:26.128Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-22963 vulnerable 2026-06-08 05:30:02.032393 Details available
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
Published: 2021-10-14T14:50:11.000Z
Updated: 2024-08-03T18:58:26.158Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.