NestJS Fastify Middleware Bypass Vulnerability Allowing Authentication and Authorization Bypass

Vulnerability

A vulnerability exists in NestJS applications using the '@nestjs/platform-fastify' package prior to version 11.1.11. The issue is a URL-encoding bypass of the Fastify adapter's middleware path matching, which is exploitable when the application relies on 'NestMiddleware' for security checks and applies that middleware to specific routes using string paths or controllers. As a result, unauthenticated users can reach protected routes, authorization on administrative endpoints can be bypassed, and middleware that performs input validation or sanitization can be skipped entirely.

Impact

Exploitation of this vulnerability can lead to unauthorized access to protected routes, allowing unauthenticated users to bypass security checks. It also enables lower-privileged users to reach restricted administrative endpoints, potentially leading to unauthorized actions or data exposure. Additionally, middleware that performs input validation or sanitization can be skipped, increasing the risk of malicious data being processed by the application.

Reproduction

To reproduce this vulnerability, create a NestJS application that uses the '@nestjs/platform-fastify' package. Apply middleware for authentication or authorization checks to specific routes using string paths or controllers. Once the application is set up, send a request to the targeted route with an encoded path that bypasses the middleware's URL matching. The request will be processed by the route's controller, skipping the applied middleware.

Remediation

Update the '@nestjs/platform-fastify' package to version 11.1.11 or later.
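To verify that a deployed application has actually picked up the fixed version, the following added script (not part of this advisory and not from the NestJS project) scans a package-lock.json for every installed copy of '@nestjs/platform-fastify' and reports any that predate 11.1.11; the lockfile contents and the 'some-lib' nesting are constructed sample data.

```javascript
// Added example, not from the advisory or the NestJS project: scan a package-lock.json
// (lockfileVersion 2/3 "packages" map) for @nestjs/platform-fastify installs below 11.1.11.
const PACKAGE = "@nestjs/platform-fastify";
const FIXED_VERSION = "11.1.11";

// Parse "MAJOR.MINOR.PATCH" into numbers; prerelease/build suffixes are ignored.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b (numeric, not lexical).
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function isVulnerablePlatformFastify(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Walk every entry of the lockfile's "packages" map, including nested copies
// such as node_modules/foo/node_modules/@nestjs/platform-fastify, and report
// each install that predates the fix.
function findVulnerableInstalls(lockfile) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith(`node_modules/${PACKAGE}`)) continue;
    if (meta.version && isVulnerablePlatformFastify(meta.version)) {
      findings.push({ path, version: meta.version });
    }
  }
  return findings;
}

// Constructed sample lockfile: an outdated top-level install and a patched nested copy.
const SAMPLE_LOCKFILE = {
  packages: {
    "": { name: "sample-app" },
    "node_modules/@nestjs/platform-fastify": { version: "11.1.10" },
    "node_modules/some-lib/node_modules/@nestjs/platform-fastify": { version: "11.1.11" },
  },
};

console.log(JSON.stringify(findVulnerableInstalls(SAMPLE_LOCKFILE), null, 2));
```

To run it against a real project, replace SAMPLE_LOCKFILE with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; a non-empty result means the remediation has not been applied to every copy in the dependency tree.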

Added: Dec 29, 2025, 4:26 PM
Updated: Dec 29, 2025, 4:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.