Lucene search
K

98 matches found

OSV
OSV
added 2025/04/15 3:30 a.m.3 views

GHSA-4WWW-5P9H-95MH http-proxy-middleware can call writeBody twice because "else if" is not used

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

4CVSS5.8AI score0.00412EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/04/15 3:30 a.m.29 views

http-proxy-middleware can call writeBody twice because "else if" is not used

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

5.3CVSS6.8AI score0.00412EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/15 3:30 a.m.20 views

http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

5.3CVSS6.8AI score0.00417EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/04/15 3:15 a.m.17 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

5.3CVSS0.00412EPSS
Exploits0References4
NVD
NVD
added 2025/04/15 3:15 a.m.19 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

5.3CVSS0.00417EPSS
Exploits0References4
OSV
OSV
added 2025/04/15 12:0 a.m.23 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4CVSS6.9AI score0.00417EPSS
Exploits0References6
OSV
OSV
added 2025/04/15 12:0 a.m.16 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

4CVSS6.8AI score0.00412EPSS
Exploits0References6
CVE
CVE
added 2025/04/15 12:0 a.m.138 views

CVE-2025-32996

CVE-2025-32996 affects the http-proxy-middleware project where, in versions before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because an else-if is missing. This is the underlying root cause and is reflected in related IBM and IBM X-Force bulletins that cite the same description. T...

5.3CVSS7.2AI score0.00412EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/04/15 12:0 a.m.139 views

CVE-2025-32997

In CVE-2025-32997, the http-proxy-middleware has a flaw where fixRequestBody proceeds even if bodyParser has failed, affecting versions: 2.0.7/2.0.8 (before 2.0.9) and 3.x before 3.0.5. The Connected IBM bulletin confirms the root cause and lists remediation: upgrade to http-proxy-middleware v2.0...

5.3CVSS4.5AI score0.00417EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.4 views

http-proxy-middleware 安全漏洞

http-proxy-middleware is a Node.js http proxy middleware for connect, express, next.js, etc. by Steven Chim Personal Developer. A security vulnerability exists in http-proxy-middleware versions prior to 2.0.9 and prior to 3.0.5, which stems from the bodyParser failing and continuing to process...

5.3CVSS6.5AI score0.00417EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/15 12:0 a.m.26 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4CVSS0.00417EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.3 views

http-proxy-middleware 安全漏洞

http-proxy-middleware is a Node.js http proxy middleware for connect, express, next.js, etc. by Steven Chim Personal Developer. A security vulnerability exists in http-proxy-middleware versions prior to 2.0.8 and prior to 3.0.4, which stems from the fact that writeBody may be called twice...

5.3CVSS6.5AI score0.00412EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/15 12:0 a.m.21 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

4CVSS0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.10 views

PT-2025-16284 · Unknown · Http-Proxy-Middleware

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 2.0.9 and earlier, 3.x versions prior to 3.0.5 Description: The issue arises when fixRequestBody proceeds even if bodyParser has failed. This can lead to potential security risks. Recommendations: For versions...

4CVSS5.7AI score0.00417EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.7 views

PT-2025-16283 · Unknown · Http-Proxy-Middleware

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 2.0.7 and earlier, http-proxy-middleware versions 3.x before 3.0.4 Description: The issue arises because writeBody can be called twice due to the absence of "else if". This can lead to information disclosure...

4CVSS5.4AI score0.00412EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/04/15 12:0 a.m.12 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4CVSS7.2AI score0.00417EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2024-21536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an...

7.5CVSS7.9AI score0.01017EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:46 p.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...

7.5CVSS6.6AI score0.01017EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 2:27 p.m.15 views

Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...

7.5CVSS7.6AI score0.01017EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]

Summary Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

7.5CVSS6.5AI score0.01017EPSS
Exploits1Affected Software1
Rows per page
Query Builder