Description
The main fastify repository uses fast-content-type-parse to parse the request Content-Type; that parser trims each part after splitting.
fastify-reply-from does not use this package to unify its Content-Type parsing, so it does not trim.
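The difference described above, shown as an added example that is not code from fastify, fast-content-type-parse or @fastify/reply-from. Both parser functions are simplified models written for this illustration, and the header values are constructed; the checker can serve as a regression test that two layers agree on the media type.

```javascript
// Simplified models of the two behaviours described in this advisory.
// Assumption: these are illustrative only and are NOT the source code of
// fast-content-type-parse or @fastify/reply-from.

// Model A: split on ';' and trim the piece ("trim after split").
function mediaTypeTrimmed(header) {
  return header.split(';')[0].trim();
}

// Model B: split on ';' and use the piece as-is (no trim).
function mediaTypeUntrimmed(header) {
  return header.split(';')[0];
}

// Return every header value on which the two models disagree about the
// media type. Any finding means two components in the request path could
// classify the same request body differently.
function findParserDisagreements(headers) {
  const findings = [];
  for (const header of headers) {
    const trimmed = mediaTypeTrimmed(header);
    const untrimmed = mediaTypeUntrimmed(header);
    if (trimmed !== untrimmed) {
      findings.push({ header, trimmed, untrimmed });
    }
  }
  return findings;
}

// Constructed sample Content-Type values (not taken from real traffic).
const SAMPLE_HEADERS = [
  'application/json',
  'application/json; charset=utf-8',
  'application/json ; charset=utf-8',
  'application/json\t; charset=utf-8',
  ' text/plain',
];

for (const finding of findParserDisagreements(SAMPLE_HEADERS)) {
  console.log(JSON.stringify(finding));
}
```
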
Recommendation
Update the @fastify/reply-from package to the latest compatible version. Version details:
- Affected version(s): < 9.6.0
- Patched version(s): 9.6.0
References
Related Issues
- Making all attributes on a content-type public without noticing it (GHSA-chmr-rg2f-9jmf) - CVE-2023-34093
- Making all attributes on a content-type public without noticing it - CVE-2023-34093
- fastify-reply-from affected by bypass of reply forwarding - CVE-2025-66415
- Tags:
- npm
- @fastify/reply-from
Last updated on January 08, 2024