VYPR
Low severity3.4OSV Advisory· Published Jul 17, 2025· Updated Apr 15, 2026

CVE-2025-7339

CVE-2025-7339

Description

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions <1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead(). Users should upgrade to version 1.1.0 to receive a patch. Uses are strongly encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object to response.writeHead() rather than an array.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
on-headersnpm
< 1.1.01.1.0

Affected products

51

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.