Search for packages
| purl | pkg:npm/http-proxy-middleware@3.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-aeuz-jzwr-zucw
Aliases: CVE-2024-21536 GHSA-c7qv-q95q-8v27 |
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. |
Affected by 2 other vulnerabilities. |
|
VCID-deza-pf5q-cqfy
Aliases: CVE-2025-32997 GHSA-9gqv-wp59-fq42 |
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. |
Affected by 0 other vulnerabilities. |
|
VCID-ff18-akd9-ebhu
Aliases: CVE-2025-32996 GHSA-4www-5p9h-95mh |
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T19:59:09.185502+00:00 | GitLab Importer | Affected by | VCID-ff18-akd9-ebhu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy-middleware/CVE-2025-32996.yml | 38.6.0 |
| 2026-06-12T19:59:08.039071+00:00 | GitLab Importer | Affected by | VCID-deza-pf5q-cqfy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy-middleware/CVE-2025-32997.yml | 38.6.0 |
| 2026-06-12T19:44:15.490510+00:00 | GitLab Importer | Affected by | VCID-aeuz-jzwr-zucw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy-middleware/CVE-2024-21536.yml | 38.6.0 |