Vulnerability Details CVE-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
Products affected by CVE-2021-22963
-
cpe:2.3:a:fastify:fastify-static:-
-
cpe:2.3:a:fastify:fastify-static:0.1.0
-
cpe:2.3:a:fastify:fastify-static:0.10.0
-
cpe:2.3:a:fastify:fastify-static:0.11.0
-
cpe:2.3:a:fastify:fastify-static:0.12.0
-
cpe:2.3:a:fastify:fastify-static:0.13.0
-
cpe:2.3:a:fastify:fastify-static:0.14.0
-
cpe:2.3:a:fastify:fastify-static:0.2.0
-
cpe:2.3:a:fastify:fastify-static:0.2.1
-
cpe:2.3:a:fastify:fastify-static:0.3.0
-
cpe:2.3:a:fastify:fastify-static:0.4.0
-
cpe:2.3:a:fastify:fastify-static:0.4.1
-
cpe:2.3:a:fastify:fastify-static:0.5.0
-
cpe:2.3:a:fastify:fastify-static:0.6.0
-
cpe:2.3:a:fastify:fastify-static:0.8.0
-
cpe:2.3:a:fastify:fastify-static:0.9.0
-
cpe:2.3:a:fastify:fastify-static:1.0.0
-
cpe:2.3:a:fastify:fastify-static:1.1.0
-
cpe:2.3:a:fastify:fastify-static:2.0.0
-
cpe:2.3:a:fastify:fastify-static:2.1.0
-
cpe:2.3:a:fastify:fastify-static:2.2.0
-
cpe:2.3:a:fastify:fastify-static:2.3.0
-
cpe:2.3:a:fastify:fastify-static:2.3.1
-
cpe:2.3:a:fastify:fastify-static:2.3.2
-
cpe:2.3:a:fastify:fastify-static:2.3.3
-
cpe:2.3:a:fastify:fastify-static:2.3.4
-
cpe:2.3:a:fastify:fastify-static:2.4.0
-
cpe:2.3:a:fastify:fastify-static:2.5.0
-
cpe:2.3:a:fastify:fastify-static:2.5.1
-
cpe:2.3:a:fastify:fastify-static:2.6.0
-
cpe:2.3:a:fastify:fastify-static:2.7.0
-
cpe:2.3:a:fastify:fastify-static:3.0.0
-
cpe:2.3:a:fastify:fastify-static:3.0.1
-
cpe:2.3:a:fastify:fastify-static:3.1.0
-
cpe:2.3:a:fastify:fastify-static:3.2.0
-
cpe:2.3:a:fastify:fastify-static:3.2.1
-
cpe:2.3:a:fastify:fastify-static:3.3.0
-
cpe:2.3:a:fastify:fastify-static:3.3.1
-
cpe:2.3:a:fastify:fastify-static:3.4.0
-
cpe:2.3:a:fastify:fastify-static:3.5.0
-
cpe:2.3:a:fastify:fastify-static:4.0.0
-
cpe:2.3:a:fastify:fastify-static:4.0.1
-
cpe:2.3:a:fastify:fastify-static:4.1.0
-
cpe:2.3:a:fastify:fastify-static:4.2.0
-
cpe:2.3:a:fastify:fastify-static:4.2.1
-
cpe:2.3:a:fastify:fastify-static:4.2.2
-
cpe:2.3:a:fastify:fastify-static:4.2.3