### [CVE-2021-22963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22963)
![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Ffastify%2Ffastify-static&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Affects%20%3C%20v4.2.4.%20Fixed%20in%20%3E%3D%20v4.2.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Open%20Redirect%20(CWE-601)&color=brightgreen)

### Description

A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/kdairatchi/crackscanner