js · @nestjs/platform-fastify · Critical
@nestjs/platform-fastify Authentication Bypass via Trailing Slash
What changed
Middleware registered via MiddlewareConsumer.forRoutes() can be bypassed by appending a trailing slash to the request URL.
Who it affects
Applications using @nestjs/platform-fastify with default Fastify adapter configuration and protecting routes via MiddlewareConsumer.forRoutes() middleware, especially standard CRUD routes like GET /resource and GET /resource/:id.
What to do today
Update @nestjs/platform-fastify to version 11.1.24 or later immediately.
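To review whether trailing-slash requests reached protected routes before the upgrade, the following added example (not part of the original advisory or the NestJS project) scans access-log lines for 2xx responses on trailing-slash variants of guarded paths. The route list, the log format and the sample lines are assumptions constructed for illustration; a hit is a lead for review, since the log alone does not show whether the middleware ran.

```javascript
// Added example: flag access-log entries that reach a middleware-protected
// route through a trailing-slash URL and still receive a 2xx response.
// PROTECTED and SAMPLE_LOG are constructed for illustration.

// Route patterns assumed to be guarded via MiddlewareConsumer.forRoutes().
const PROTECTED = ['/resource', '/resource/:id'];

// Turn '/resource/:id' into a regex matching one path segment per parameter.
function toRegex(pattern) {
  const body = pattern
    .split('/')
    .map((seg) => (seg.startsWith(':') ? '[^/]+' : seg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')))
    .join('/');
  return new RegExp(`^${body}$`);
}

const MATCHERS = PROTECTED.map(toRegex);

// Parse the request and status fields of a common-log-format style line.
function parseLine(line) {
  const m = /"([A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3})/.exec(line);
  if (!m) return null;
  const path = m[2].split('?')[0]; // the query string is irrelevant to routing
  return { method: m[1], path, status: Number(m[3]) };
}

// Return requests whose path ends in '/', matches a protected pattern once
// the trailing slash is removed, and was answered with a 2xx status.
function findSuspectRequests(lines) {
  const hits = [];
  for (const line of lines) {
    const req = parseLine(line);
    if (!req || req.path === '/' || !req.path.endsWith('/')) continue;
    const stripped = req.path.replace(/\/+$/, '');
    const isProtected = MATCHERS.some((re) => re.test(stripped));
    if (isProtected && req.status >= 200 && req.status < 300) hits.push(req);
  }
  return hits;
}

const SAMPLE_LOG = [ // constructed sample lines
  '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /resource HTTP/1.1" 401 23',
  '10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /resource/ HTTP/1.1" 200 512',
  '10.0.0.5 - - [01/Jan/2025:10:00:05 +0000] "GET /resource/42/?x=1 HTTP/1.1" 200 128',
  '10.0.0.9 - - [01/Jan/2025:10:01:00 +0000] "GET /health/ HTTP/1.1" 200 2',
  '10.0.0.9 - - [01/Jan/2025:10:01:03 +0000] "GET /resource/7/ HTTP/1.1" 404 0',
];

console.log(findSuspectRequests(SAMPLE_LOG));
```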