Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Node.js on-headers middleware

Summary Due to use of the Node.js on-headers middleware, DevOps Test Performance and Rational Performance Tester contain an Improper Handling of Unexpected Data Type vulnerability, potentially enabling header manipulation. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a...

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVE-2025-7339

CVE-2025-7339 describes a vulnerability in the on-headers Node.js middleware where a bug in versions < 1.1.0 may cause response headers to be modified when an array is passed to response.writeHead(). The issue is patched in 1.1.0; users are urged to upgrade. A workaround is to pass an object t...

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...