CVE-2023-51701
Published 2024-01-08
Priority: P344 | Severity: high | 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.48% (37.7th percentile)
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing a header `Content-Type: application/json ; charset=utf-8`. This can lead to a bypass of security checks. This vulnerability has been patched in `@fastify/reply-from` version 9.6.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastify | fastify-reply-from | < 9.6.0 | 9.6.0 |
| fastify | reply-from | < 9.6.0 | 9.6.0 |
| fastify | reply-from | >= 0 < 9.6.0 | 9.6.0 |
OSV
@fastify/reply-from JSON Content-Type parsing confusion
osv·2024-01-08
CVE-2023-51701 [MEDIUM] @fastify/reply-from JSON Content-Type parsing confusion
### Impact
The main Fastify repository uses [fast-content-type-parse](https://github.com/fastify/fast-content-type-parse) to parse the request Content-Type, which [trims after splitting](https://github.com/fastify/fast-content-type-parse/blob/2776d054dd48e9ce40b8d5e5ff9b46fee82b95f1/index.js#L59).
[fastify-reply-from](https://github.com/fastify/fastify-reply-from/blob/b79a22d6eb9a0b52cfbe8eb2cb22ad65f5a39e64/index.js#L118C14-L118C14) does not use this library to unify its Content-Type parsing, and its own parsing [does not trim](https://github.com/fastify/fastify-reply-from/blob/b79a22d6eb9a0b52cfbe8eb2cb22ad65f5a39e64/index.js#L118C14-L118C14).
As a result, a reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by
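The trim/no-trim mismatch described above, shown as an added example that is not code from either library: two simplified models of Content-Type handling, one that trims the media type after splitting on `;` and one that does not, run over constructed headers that include the value quoted in the CVE description. All function names are hypothetical.

```javascript
// Simplified models of the two behaviours the advisory contrasts.
// Function names are hypothetical; this is not either library's source.

// Model A: split on ';' and use the first piece as-is (no trim).
function mediaTypeNoTrim(header) {
  return String(header).split(';')[0].toLowerCase();
}

// Model B: split on ';' and trim the piece ("trim after split").
function mediaTypeTrimmed(header) {
  return String(header).split(';')[0].trim().toLowerCase();
}

// True when the two models classify the body differently (JSON vs not JSON).
function jsonParsersDisagree(header) {
  const a = mediaTypeNoTrim(header) === 'application/json';
  const b = mediaTypeTrimmed(header) === 'application/json';
  return a !== b;
}

// Defensive check for a proxy or a test suite: flag any Content-Type whose
// media type changes when surrounding whitespace is removed.
function hasAmbiguousMediaType(header) {
  return mediaTypeNoTrim(header) !== mediaTypeTrimmed(header);
}

// Constructed sample headers; the second is the value from the CVE text.
const samples = [
  'application/json; charset=utf-8',
  'application/json ; charset=utf-8',
  'application/json',
  'text/plain ; charset=utf-8',
];

// Build one row per header showing what each model sees.
function report(headers) {
  return headers.map((h) => ({
    header: h,
    noTrim: mediaTypeNoTrim(h),
    trimmed: mediaTypeTrimmed(h),
    disagreeOnJson: jsonParsersDisagree(h),
    ambiguous: hasAmbiguousMediaType(h),
  }));
}

console.table(report(samples));
```

A regression test built on `hasAmbiguousMediaType` can confirm that a proxy and its upstream agree on the body type for every header a deployment accepts.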
GHSA
@fastify/reply-from JSON Content-Type parsing confusion
ghsa·2024-01-08
CVE-2023-51701 [MEDIUM] CWE-444 @fastify/reply-from JSON Content-Type parsing confusion
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0
https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp
2024-01-08
Published