{"url":"http://public2.vulnerablecode.io/api/packages/68432?format=json","purl":"pkg:npm/%40fastify/reply-from@9.6.0","type":"npm","namespace":"@fastify","name":"reply-from","version":"9.6.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"12.5.0","latest_non_vulnerable_version":"12.5.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46797?format=json","vulnerability_id":"VCID-buxh-55a9-m3bu","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')\nfastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body when a request passes a header `ContentType: application/json ; charset=utf-8`. This can lead to a bypass of security checks. This vulnerability has been patched in `@fastify/reply-from` version 9.6.0.","references":[{"reference_url":"https://github.com/fastify/fastify-reply-from/commit/cbd7c17c09e6476268e34f5e499a6b923e8acc18","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fastify/fastify-reply-from/commit/cbd7c17c09e6476268e34f5e499a6b923e8acc18"},{"reference_url":"https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51701","reference_id":"CVE-2023-51701","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51701"},{"reference_url":"https://github.com/advisories/GHSA-v2v2-hph8-q5xp","reference_id":"GHSA-v2v2-hph8-q5xp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v2v2-hph8-q5xp"},{"reference_url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp","reference_id":"GHSA-v2v2-hph8-q5xp","referenc
e_type":"","scores":[],"url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68432?format=json","purl":"pkg:npm/%40fastify/reply-from@9.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fastify/reply-from@9.6.0"}],"aliases":["CVE-2023-51701","GHSA-v2v2-hph8-q5xp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-buxh-55a9-m3bu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fastify/reply-from@9.6.0"}