VYPR

npm package

http-proxy-middleware

pkg:npm/http-proxy-middleware

Vulnerabilities (3)

  • CVE-2025-32997Apr 15, 2025
    affected >= 1.3.0, < 2.0.9fixed 2.0.9

    In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

  • CVE-2025-32996Apr 15, 2025
    affected >= 1.3.0, < 2.0.8fixed 2.0.8

    In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.

  • CVE-2024-21536Oct 19, 2024
    affected < 2.0.7fixed 2.0.7

    Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to