Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Node.js on-headers middleware

Summary Due to use of the Node.js on-headers middleware, DevOps Test Performance and Rational Performance Tester contain an Improper Handling of Unexpected Data Type vulnerability, potentially enabling header manipulation. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in on-headers-1.0.2.tgz

Summary Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in on-headers-1.0.2.tgz Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339.

Summary IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may...

Security Bulletin: Multiple vulnerabilities may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-5889, CVE-2025-7339)

Summary There are multiple vulnerabilities in brace-expansion and on-headers used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability...

Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers

Summary IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. It has a bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Vulnerability Detail...

on-headers vulnerable to http response header manipulation

...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to data processing errors [CVE-2025-7339]

Summary Node.js module on-headers is used by IBM App Connect Enterprise Certified Container for processing HTTP requests. IBM App Connect Enterprise Certified Container operands are vulnerable to data processing errors. This bulletin provides patch information to address the reported vulnerabilit...

Linux Distros Unpatched Vulnerability : CVE-2025-7339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...

SUSE CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

10by10-react-app (=1.2.1), 192.168.0.172 (=4.6.1) +13992 more potentially affected by CVE-2025-7339 via on-headers (>=0.0.0 <=1.0.2)

on-headers NPM version =0.0.0, =1.0.2, =1.0.0, =0.30.0, =0.2.0, =0.0.28, =4.11.0, =4.11.46 and more Source cves: CVE-2025-7339 Source advisory: OSV:GHSA-76C9-3JPH-RJ3Q...

on-headers is vulnerable to http response header manipulation

Impact A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Patches Users should upgrade to 1.1.0 Workarounds Uses are encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object t...

GHSA-76C9-3JPH-RJ3Q on-headers is vulnerable to http response header manipulation

Impact A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Patches Users should upgrade to 1.1.0 Workarounds Uses are encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object t...

org.webjars.npm:compression (>=1.5.2 <=1.7.4), org.webjars.npm:express-session (>=1.15.6 <=1.17.1) +1 more potentially affected by CVE-2025-7339 via org.webjars.npm:on-headers (=1.0.2)

org.webjars.npm:on-headers MAVEN version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:on-headers and may be impacted: - org.webjars.npm:compression =1.5.2, =1.15.6, =1.9.0, =1.9.1 Source cves: CVE-2025-7339 Source advisory:...

DEBIAN-CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVE-2025-7339

CVE-2025-7339 describes a vulnerability in the on-headers Node.js middleware where a bug in versions &lt; 1.1.0 may cause response headers to be modified when an array is passed to response.writeHead(). The issue is patched in 1.1.0; users are urged to upgrade. A workaround is to pass an object t...

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

on-headers 安全漏洞

on-headers is a jshttp open source application. A security vulnerability exists in on-headers version 1.1.0, which stems from the possibility of unintentional modification of the response header when passing an array to response.writeHead...