npm package
http-proxy-middleware
pkg:npm/http-proxy-middleware
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32997 | — | >= 1.3.0, < 2.0.9 | 2.0.9 | Apr 15, 2025 | In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. | ||
| CVE-2025-32996 | — | >= 1.3.0, < 2.0.8 | 2.0.8 | Apr 15, 2025 | In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. | ||
| CVE-2024-21536 | — | < 2.0.7 | 2.0.7 | Oct 19, 2024 | Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to |
- CVE-2025-32997Apr 15, 2025affected >= 1.3.0, < 2.0.9fixed 2.0.9
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
- CVE-2025-32996Apr 15, 2025affected >= 1.3.0, < 2.0.8fixed 2.0.8
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
- CVE-2024-21536Oct 19, 2024affected < 2.0.7fixed 2.0.7
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to