52 matches found

IBM Security Bulletins
added 2025/12/04 2:9 p.m., 5 views

Security Bulletin: IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997.

Summary: IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-32996. DESCRIPTION: In http-proxy-middleware before 2.0.8 and 3.x before...

CVSS 5.3, AI score 6.7, EPSS 0.00064
Exploits 0, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3014

Malicious code in bioql PyPI...

CVSS 7.5, AI score 8.5, EPSS 0.00364
Exploits 1, References 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-11356

Malicious code in bioql PyPI...

CVSS 4, AI score 6.3, EPSS 0.00059
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-11355

Malicious code in bioql PyPI...

CVSS 4, AI score 6.3, EPSS 0.00064
Exploits 0, References 6

IBM Security Bulletins
added 2025/09/22 1:19 p.m., 4 views

Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: Potential vulnerabilities in http-proxy-middleware have been identified that affect IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerabilities have been addressed. Refer to details for additional...

CVSS 5.3, AI score 6.7, EPSS 0.00064
Exploits 0, Affected Software 2

Tenable Nessus
added 2025/09/14 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-32997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CVE-2025-32997 Note that Nessus relies on the...

CVSS 5.3, AI score 6.4, EPSS 0.00064
Exploits 0, References 2

IBM Security Bulletins
added 2025/05/23 11:14 a.m., 18 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536.

Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-21536. DESCRIPTION:...

CVSS 7.5, AI score 7.5, EPSS 0.00364
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/05/09 2:59 p.m., 16 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service, SSRF and credential leakage [CVE-2025-27152, CVE-2025-27789, CVE-2025-32996, CVE-2025-32997]

Summary: Node.js modules axios and http-proxy-middleware are used by IBM App Connect Enterprise Certified Container for HTTP communications. Node.js module Babel is used for internal code generation. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service, SSRF...

CVSS 8.7, AI score 6.3, EPSS 0.00218
Exploits 1, Affected Software 1

Veracode
added 2025/04/24 4:41 a.m., 7 views

Denial Of Service (DoS)

http-proxy-middleware is vulnerable to Denial of Service (DoS). The vulnerability is due to improper conditional logic due to the absence of "else if", which allows an attacker to trigger writeBody twice and potentially disrupt normal application behavior...

CVSS 5.3, AI score 6.6, EPSS 0.00059
Exploits 0, References 5, Affected Software 1

Veracode
added 2025/04/24 2:8 a.m., 10 views

Improper Request Handling

http-proxy-middleware is vulnerable to Improper Request Handling. The vulnerability is due to improper request handling caused by fixRequestBody executing even when bodyParser has failed, which allows attackers to smuggle malicious HTTP requests...

CVSS 5.3, AI score 6.7, EPSS 0.00064
Exploits 0, References 5, Affected Software 1

RedHat Linux
added 2025/04/15 7:46 p.m., 26 views

Important: Red Hat Security Advisory: ACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). This release of RHACS includes the following bug fix: Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency. This release also addresses the following security vulnerabilitie...

CVSS 7.5, AI score 6.7, EPSS 0.00364
Exploits 2, References 5

Snyk
added 2025/04/15 3:41 a.m., 2 views

Always-Incorrect Control Flow Implementation

Overview: Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the fixRequestBody function. An attacker can cause writeBody to be called multiple times, leading to unexpected behavior. Remediation: A fix was pushed into the master branch but not yet...

CVSS 6.3, AI score 6.9, EPSS 0.00059
Exploits 0, References 2

OSV
added 2025/04/15 3:30 a.m., 0 views

GHSA-9GQV-WP59-FQ42 http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

CVSS 4, AI score 7.1, EPSS 0.00064
Exploits 0, References 6

Github Security Blog
added 2025/04/15 3:30 a.m., 20 views

http-proxy-middleware can call writeBody twice because "else if" is not used

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

CVSS 5.3, AI score 6.8, EPSS 0.00059
Exploits 0, References 6, Affected Software 1

vulnersOsv
added 2025/04/15 3:30 a.m., 3 views

@amazeelabs/publisher (>=2.4.28 <=3.2.6), @angular-devkit/build-angular (>=18.0.0 <=20.0.0-next.5) +83 more potentially affected by CVE-2025-32996 via http-proxy-middleware (>=3.0.0 <=3.0.3)

http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =1.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =9.0.0, =9.0.0, =9.0.0, =3.11.0-beta.6, =3.26.12-beta.0 and more Source cves: CVE-2025-32996 Source advisory:...

CVSS 5.3, AI score 5.8, EPSS 0.00059
Exploits 0

vulnersOsv
added 2025/04/15 3:30 a.m., 2 views

@amazeelabs/publisher (>=2.4.28 <=3.2.6), @angular-devkit/build-angular (>=18.0.0 <=20.0.0-next.5) +83 more potentially affected by CVE-2025-32997 via http-proxy-middleware (>=3.0.0 <=3.0.3)

http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =1.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =9.0.0, =9.0.0, =9.0.0, =3.11.0-beta.6, =3.26.12-beta.0 and more Source cves: CVE-2025-32997 Source advisory:...

CVSS 5.3, AI score 5.8, EPSS 0.00064
Exploits 0

vulnersOsv
added 2025/04/15 3:30 a.m., 3 views

0xrtest (=1.0.0), 7qb-cli (=0.0.16) +2771 more potentially affected by CVE-2025-32996 via http-proxy-middleware (>=1.3.0 <=2.0.7)

http-proxy-middleware NPM version =1.3.0, =0.0.11, =0.0.6, =1.1.40, =0.1.10, =0.2.14, =1.6.0, =1.7.0, =0.0.39, =7.0.0, =8.3.0 and more Source cves: CVE-2025-32996 Source advisory: OSV:GHSA-4WWW-5P9H-95MH...

CVSS 5.3, AI score 5.8, EPSS 0.00059
Exploits 0

OSV
added 2025/04/15 3:30 a.m., 0 views

GHSA-4WWW-5P9H-95MH http-proxy-middleware can call writeBody twice because "else if" is not used

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

CVSS 4, AI score 5.8, EPSS 0.00059
Exploits 0, References 6

Github Security Blog
added 2025/04/15 3:30 a.m., 9 views

http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

CVSS 5.3, AI score 6.8, EPSS 0.00064
Exploits 0, References 6, Affected Software 1

OSV
added 2025/04/15 3:15 a.m., 7 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

CVSS 5.3, AI score 6.8
Exploits 0, References 4