Redirect Vulnerability in Fastify-Static Module by Fastify
CVE-2021-22963
6.1 MEDIUM
What is CVE-2021-22963?
The fastify-static module prior to version 4.2.4 contains a redirect vulnerability that allows remote attackers to redirect users to malicious websites. The flaw is exploitable only when the redirect option is enabled (it defaults to false): a crafted request whose path contains a double slash followed by a domain triggers the redirect. Applications that use the fastify-static module with this option enabled and without adequate input validation are affected, potentially exposing their users to phishing attacks or other security risks.
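Why a double slash in a redirect target leaves the site, as an added example (this is not fastify-static's code or its patch): a `Location` value that starts with `//` is resolved as a protocol-relative URL, so the text after the slashes becomes the host. The origin, function names and sample paths are constructed for illustration, and the guard also collapses backslashes, which goes beyond the case the advisory describes.

```javascript
// Added example: models a static file server's "add trailing slash" redirect.
// ORIGIN, the function names and SAMPLE_PATHS are constructed, not from fastify-static.
const ORIGIN = 'https://app.example';

// Weak form: echo the request path back as the Location value.
function naiveRedirectTarget(requestPath) {
  return requestPath.endsWith('/') ? requestPath : requestPath + '/';
}

// Hardened form: collapse any run of leading slashes (and backslashes, which
// URL parsers treat like slashes for http/https) to a single "/", so the
// Location value is always a path on the serving origin.
function safeRedirectTarget(requestPath) {
  const collapsed = requestPath.replace(/^[\/\\]+/, '/');
  return collapsed.endsWith('/') ? collapsed : collapsed + '/';
}

// Resolve a Location value the way a browser does and report whether the
// resulting URL points at a different origin than the one serving the page.
function leavesOrigin(location) {
  return new URL(location, ORIGIN).origin !== ORIGIN;
}

// Constructed request paths: two ordinary directories and one double-slash path.
const SAMPLE_PATHS = ['/docs', '//other.example', '/assets/img'];

// Return the sample paths whose redirect target would leave ORIGIN.
function audit(buildTarget) {
  return SAMPLE_PATHS.filter((p) => leavesOrigin(buildTarget(p)));
}

for (const p of SAMPLE_PATHS) {
  const weak = naiveRedirectTarget(p);
  const safe = safeRedirectTarget(p);
  console.log(
    `${p.padEnd(18)} naive -> ${new URL(weak, ORIGIN).href.padEnd(30)}` +
    ` hardened -> ${new URL(safe, ORIGIN).href}`
  );
}
console.log('off-origin (naive):   ', audit(naiveRedirectTarget));
console.log('off-origin (hardened):', audit(safeRedirectTarget));
```

The same `leavesOrigin` check can be run in a test suite against the `Location` headers an application actually emits, before and after upgrading to 4.2.4 or later.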
Affected Version(s)
https://github.com/fastify/fastify-static: affects < v4.2.4; fixed in >= v4.2.4
