3 matches found
CVE-2024-21536
CVE-2024-21536 affects http-proxy-middleware: versions before 2.0.7, and 3.0.0–before 3.0.3, are vulnerable to DoS due to an unhandled rejection in micromatch that can crash a Node.js server. The fix is in 2.0.7 (and 3.x later 3.0.3). Remediate by upgrading to a version containing the fix (e.g., ...
CVE-2025-32997
In CVE-2025-32997, the http-proxy-middleware has a flaw where fixRequestBody proceeds even if bodyParser has failed, affecting versions: 2.0.7/2.0.8 (before 2.0.9) and 3.x before 3.0.5. The Connected IBM bulletin confirms the root cause and lists remediation: upgrade to http-proxy-middleware v2.0...
CVE-2025-32996
CVE-2025-32996 affects the http-proxy-middleware project where, in versions before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because an else-if is missing. This is the underlying root cause and is reflected in related IBM and IBM X-Force bulletins that cite the same description. T...