Skip to main content

Http Proxy Middleware

3 CVEs product

Monthly

CVE-2025-32997 npm MEDIUM PATCH This Month

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Http Proxy Middleware Red Hat
NVD GitHub
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-32996 npm MEDIUM PATCH This Month

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Http Proxy Middleware Red Hat
NVD GitHub
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-21536 npm HIGH POC PATCH This Week

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Http Proxy Middleware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Http Proxy Middleware Red Hat
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Http Proxy Middleware Red Hat
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Http Proxy Middleware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy