CVE-2025-32997

In CVE-2025-32997, the http-proxy-middleware has a flaw where fixRequestBody proceeds even if bodyParser has failed, affecting versions: 2.0.7/2.0.8 (before 2.0.9) and 3.x before 3.0.5. The Connected IBM bulletin confirms the root cause and lists remediation: upgrade to http-proxy-middleware v2.0...

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

http-proxy-middleware 安全漏洞

http-proxy-middleware is a Node.js http proxy middleware for connect, express, next.js, etc. by Steven Chim Personal Developer. A security vulnerability exists in http-proxy-middleware versions prior to 2.0.8 and prior to 3.0.4, which stems from the fact that writeBody may be called twice...

CVE-2025-32996

CVE-2025-32996 affects the http-proxy-middleware project where, in versions before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because an else-if is missing. This is the underlying root cause and is reflected in related IBM and IBM X-Force bulletins that cite the same description. T...

PT-2025-16283 · Unknown · Http-Proxy-Middleware

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 2.0.7 and earlier, http-proxy-middleware versions 3.x before 3.0.4 Description: The issue arises because writeBody can be called twice due to the absence of "else if". This can lead to information disclosure...

Linux Distros Unpatched Vulnerability : CVE-2024-21536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...

Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]

Summary Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in http-proxy-middleware

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of http-proxy-middleware Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By...

Denial Of Service (DoS)

http-proxy-middleware is vulnerable to Denial of Service DoS. The vulnerability is due to an unhandled promise rejection error caused by micromatch, which can allow an attacker to crash the server by making requests to certain paths...

CVE-2024-21536

A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service DoS due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain path...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +31103 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=0.10.0 <=2.0.6)

http-proxy-middleware NPM version =0.10.0, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic...

@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)

http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...

GHSA-C7QV-Q95Q-8V27 Denial of service in http-proxy-middleware

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

Denial of service in http-proxy-middleware

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...