VDB

GHSA-gwhp-pf74-vj37

GHSA-gwhp-pf74-vj37 PUBLISHED CVSS 9 CRITICAL

Fastify's connection header abuse enables stripping of proxy-added headers

Risk Scores

CVSS v4.0
9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N

Affected Products

VendorProductVersions
fastifyreply-from0, 0, 0
fastifyhttp-proxy0, 0, 0

Timeline

  • Apr 16, 2026 CVE Published
  • Apr 16, 2026 CVE Updated
  • Apr 16, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›