1138 matches found

OSV
added 2025/04/15 3:30 a.m. · 0 views

GHSA-9GQV-WP59-FQ42 http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4 CVSS · 7.1 AI score · 0.00064 EPSS
Exploits 0 · References 6

Github Security Blog
added 2025/04/15 3:30 a.m. · 20 views

http-proxy-middleware can call writeBody twice because "else if" is not used

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

5.3 CVSS · 6.8 AI score · 0.00059 EPSS
Exploits 0 · References 6 · Affected Software 1

vulnersOsv
added 2025/04/15 3:30 a.m. · 3 views

@amazeelabs/publisher (>=2.4.28 <=3.2.6), @angular-devkit/build-angular (>=18.0.0 <=20.0.0-next.5) +83 more potentially affected by CVE-2025-32996 via http-proxy-middleware (>=3.0.0 <=3.0.3)

http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =1.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =9.0.0, =9.0.0, =9.0.0, =3.11.0-beta.6, =3.26.12-beta.0 and more Source cves: CVE-2025-32996 Source advisory:...

5.3 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0

vulnersOsv
added 2025/04/15 3:30 a.m. · 2 views

@amazeelabs/publisher (>=2.4.28 <=3.2.6), @angular-devkit/build-angular (>=18.0.0 <=20.0.0-next.5) +83 more potentially affected by CVE-2025-32997 via http-proxy-middleware (>=3.0.0 <=3.0.3)

http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =1.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =9.0.0, =9.0.0, =9.0.0, =3.11.0-beta.6, =3.26.12-beta.0 and more Source cves: CVE-2025-32997 Source advisory:...

5.3 CVSS · 5.8 AI score · 0.00064 EPSS
Exploits 0

vulnersOsv
added 2025/04/15 3:30 a.m. · 3 views

0xrtest (=1.0.0), 7qb-cli (=0.0.16) +2771 more potentially affected by CVE-2025-32996 via http-proxy-middleware (>=1.3.0 <=2.0.7)

http-proxy-middleware NPM version =1.3.0, =0.0.11, =0.0.6, =1.1.40, =0.1.10, =0.2.14, =1.6.0, =1.7.0, =0.0.39, =7.0.0, =8.3.0 and more Source cves: CVE-2025-32996 Source advisory: OSV:GHSA-4WWW-5P9H-95MH...

5.3 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0

OSV
added 2025/04/15 3:30 a.m. · 0 views

GHSA-4WWW-5P9H-95MH http-proxy-middleware can call writeBody twice because "else if" is not used

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

4 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0 · References 6

Github Security Blog
added 2025/04/15 3:30 a.m. · 9 views

http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

5.3 CVSS · 6.8 AI score · 0.00064 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2025/04/15 3:15 a.m. · 7 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

5.3 CVSS · 6.8 AI score
Exploits 0 · References 4

NVD
added 2025/04/15 3:15 a.m. · 9 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

5.3 CVSS · 0.00059 EPSS
Exploits 0 · References 4

OSV
added 2025/04/15 3:15 a.m. · 10 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 4

NVD
added 2025/04/15 3:15 a.m. · 8 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

5.3 CVSS · 0.00064 EPSS
Exploits 0 · References 4

CVE
added 2025/04/15 12:0 a.m. · 114 views

CVE-2025-32996

CVE-2025-32996 affects the http-proxy-middleware project where, in versions before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because an else-if is missing. This is the underlying root cause and is reflected in related IBM and IBM X-Force bulletins that cite the same description. T...

5.3 CVSS · 7.2 AI score · 0.00059 EPSS
Exploits 0 · References 4 · Affected Software 1

CVE
added 2025/04/15 12:0 a.m. · 117 views

CVE-2025-32997

In CVE-2025-32997, the http-proxy-middleware has a flaw where fixRequestBody proceeds even if bodyParser has failed, affecting versions: 2.0.7/2.0.8 (before 2.0.9) and 3.x before 3.0.5. The Connected IBM bulletin confirms the root cause and lists remediation: upgrade to http-proxy-middleware v2.0...

5.3 CVSS · 4.5 AI score · 0.00064 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2025/04/15 12:0 a.m. · 1 views

http-proxy-middleware security vulnerability

http-proxy-middleware is a Node.js HTTP proxy middleware for connect, express, next.js, etc., by individual developer Steven Chim. A security vulnerability exists in http-proxy-middleware versions prior to 2.0.8 and prior to 3.0.4, which stems from the fact that writeBody may be called twice...

5.3 CVSS · 6.5 AI score · 0.00059 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/04/15 12:0 a.m. · 3 views

PT-2025-16284 · Unknown · Http-Proxy-Middleware

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 2.0.9 and earlier, 3.x versions prior to 3.0.5 Description: The issue arises when fixRequestBody proceeds even if bodyParser has failed. This can lead to potential security risks. Recommendations: For versions...

4 CVSS · 5.7 AI score · 0.00064 EPSS
Exploits 0 · References 11

Vulnrichment
added 2025/04/15 12:0 a.m. · 10 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4 CVSS · 7.2 AI score · 0.00064 EPSS
Exploits 0 · References 4

Cvelist
added 2025/04/15 12:0 a.m. · 11 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used...

4 CVSS · 0.00059 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/04/15 12:0 a.m. · 1 views

PT-2025-16283 · Unknown · Http-Proxy-Middleware

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 2.0.7 and earlier, http-proxy-middleware versions 3.x before 3.0.4 Description: The issue arises because writeBody can be called twice due to the absence of "else if". This can lead to information disclosure...

4 CVSS · 5.4 AI score · 0.00059 EPSS
Exploits 0 · References 11

Cvelist
added 2025/04/15 12:0 a.m. · 11 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4 CVSS · 0.00064 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/04/06 10:40 a.m. · 11 views

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00)...

6.9 CVSS · 7.1 AI score · 0.00103 EPSS
Exploits 0 · References 3