Http-proxy-middleware Security Vulnerabilities and Issues — Http-proxy-middleware CVE List

Lucene search

ChimuraiHttp-proxy-middleware

3 matches found

CVE•added 2024/10/19 5:15 a.m.•201 views

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

7.5CVSS7AI score0.00138EPSS

CVE•added 2025/04/15 3:15 a.m.•74 views

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

4CVSS4.5AI score0.00043EPSS

CVE•added 2025/04/15 3:15 a.m.•66 views

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.

4CVSS7.2AI score0.00058EPSS