
6 matches found

Patchstack
added 2026/06/18 1:6 p.m., 10 views

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 3.0.4, 3.0.7...

CVSS 7.5 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/06/18 1:6 p.m., 12 views

http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

Summary: fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with handlerFormDataBodyData, which interpolates each req.body key and value directly in...

CVSS 7.5 | AI score 5.4 | EPSS 0.00243
Exploits: 1 | References: 2 | Affected Software: 1
Snyk
added 2026/06/18 1:6 p.m., 7 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via the fixRequestBody function. An attacker can inject or override multipart form fields, potentially bypassing gateway-side validation or access controls, by supplying crafted input containing carriage return and line...

CVSS 7.5 | AI score 5.9 | EPSS 0.00243
Exploits: 1 | References: 2
Positive Technologies
added 2026/06/18 12:0 a.m., 14 views

PT-2026-50735

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 3.0.4 through 3.0.6; http-proxy-middleware versions prior to 4.1.1. Description: An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...

CVSS 7.5 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 5
Snyk
added 2025/04/15 3:40 a.m., 4 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the fixRequestBody function, which processes certain invalid requests without error. An attacker can manipulate the request body by sending requests that violate the expected...

CVSS 6.3 | AI score 6.9 | EPSS 0.0039
Exploits: 0 | References: 2
Github Security Blog
added 2025/04/15 3:30 a.m., 19 views

http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

CVSS 5.3 | AI score 6.8 | EPSS 0.0039
Exploits: 0 | References: 6 | Affected Software: 1