Http Proxy Middleware

http-proxy-middleware

Vendor: Chimurai • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-32997 1Chimurai 1Http Proxy Middleware Oct 21, 2025 Apr 15, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
CVE-2025-32996 1Chimurai 1Http Proxy Middleware Oct 21, 2025 Apr 15, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
CVE-2024-21536 1Chimurai 1Http Proxy Middleware Nov 1, 2024 Oct 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the...Show more Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.Show less