CVE-2026-55603
- EPSS 0.24%
- Veröffentlicht 22.06.2026 20:07:05
- Zuletzt bearbeitet 24.06.2026 16:44:28
http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is...
CVE-2026-55602
- EPSS 0.4%
- Veröffentlicht 22.06.2026 15:58:08
- Zuletzt bearbeitet 23.06.2026 15:50:26
http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored sub...
CVE-2025-32996
- EPSS 0.39%
- Veröffentlicht 15.04.2025 00:00:00
- Zuletzt bearbeitet 21.10.2025 14:43:20
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
CVE-2025-32997
- EPSS 0.39%
- Veröffentlicht 15.04.2025 00:00:00
- Zuletzt bearbeitet 21.10.2025 14:42:43
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
CVE-2024-21536
- EPSS 1.01%
- Veröffentlicht 19.10.2024 05:15:13
- Zuletzt bearbeitet 01.11.2024 18:03:15
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the...