Description
The main repo of fastify use fast-content-type-parse to parse request Content-Type, which will trim after split.
The fastify-reply-from have not use this repo to unify the parse of Content-Type, which won’t trim.
Recommendation
Update the @fastify/reply-from package to the latest compatible version. Followings are version details:
- Affected version(s): < 9.6.0
- Patched version(s): 9.6.0
References
Related Issues
- cors-anywhere vulnerable to server-side request forgery - CVE-2020-36851
- Valid ECDSA signatures erroneously rejected in Elliptic - CVE-2024-48948
- Trix vulnerable to Cross-site Scripting on copy & paste - CVE-2025-46812
- Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434
- Tags:
- npm
- @fastify/reply-from
Anything's wrong? Let us know Last updated on January 08, 2024