VYPR

HTTP Proxy Middleware

by Chimurai

Source repositories

CVEs (3)

  • CVE-2025-32997MedApr 15, 2025
    risk 0.19cvss 4.0epss 0.00

    In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

  • CVE-2025-32996MedApr 15, 2025
    risk 0.19cvss 4.0epss 0.00

    In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.

  • CVE-2026-55602Jun 18, 2026
    risk 0.00cvss epss 0.00

    # Summary `http-proxy-middleware` documents `router` proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted `Host` header that is only a…