nitrojs/nitro

nitrojs/nitro

Releases150

Frequency1 week 3 days

Last Release 16 days ago

Stars10.9K

Next Generation Server Toolkit. Create web servers with everything you need and deploy them wherever you prefer.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-44373 ↗	May 13, 2026Wednesday, 13 May 2026, 21:16	5.3 MEDIUM	—
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.
CVE-2026-44372 ↗	May 13, 2026Wednesday, 13 May 2026, 21:16	6.1 MEDIUM	—
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.