@fastify/reply-from
npm | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @fastify/reply-from
- CVE-2023-51701 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 9.6.0 | 2024-01-08
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing a header `ContentType: application/json …
- CVE-2025-66415 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 12.5.0 | 2025-12-01
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for spe…
- CVE-2026-33805 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 12.6.2 | 2026-04-15
@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip pr…