VulnerableCode Package Details - pkg:npm/http-proxy@0.7.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-ftjz-3fh5-j7dz Aliases: GHSA-6x33-pw7p-hmpq GMS-2020-737	Denial of Service in http-proxy Versions of `http-proxy` prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an `ERR_HTTP_HEADERS_SENT` unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the `proxyReq.setHeader` function. For a proxy server running on `http://localhost:3000`, the following curl request triggers the unhandled exception: ```curl -XPOST http://localhost:3000 -d "$(python -c 'print("x"*1025)')"``` ## Recommendation Upgrade to version 1.18.1 or later	1.18.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ftjz-3fh5-j7dz
Aliases:
GHSA-6x33-pw7p-hmpq
GMS-2020-737

Denial of Service in http-proxy Versions of `http-proxy` prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an `ERR_HTTP_HEADERS_SENT` unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the `proxyReq.setHeader` function. For a proxy server running on `http://localhost:3000`, the following curl request triggers the unhandled exception: ```curl -XPOST http://localhost:3000 -d "$(python -c 'print("x"*1025)')"``` ## Recommendation Upgrade to version 1.18.1 or later

1.18.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ex6x-938w-6kbp	Insufficient Error Handling Because of the way errors are handled, an attacker that forces an error can crash the server, causing a denial of service.	GMS-2017-124
VCID-zgda-rtpk-bfbr	Improper Input Validation An attacker that forces an error can crash the server, causing a denial of service.	CVE-2017-16014 GHSA-9xw9-pvgv-6p76

Vulnerability

Summary

Aliases

VCID-ex6x-938w-6kbp

Insufficient Error Handling Because of the way errors are handled, an attacker that forces an error can crash the server, causing a denial of service.

GMS-2017-124

VCID-zgda-rtpk-bfbr

Improper Input Validation An attacker that forces an error can crash the server, causing a denial of service.

CVE-2017-16014
GHSA-9xw9-pvgv-6p76

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:07:43.113939+00:00	GHSA Importer	Fixing	VCID-zgda-rtpk-bfbr	https://github.com/advisories/GHSA-9xw9-pvgv-6p76	38.6.0
2026-06-04T20:37:57.372521+00:00	GitLab Importer	Affected by	VCID-ftjz-3fh5-j7dz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy/GMS-2020-737.yml	38.6.0
2026-06-04T17:40:11.763611+00:00	GithubOSV Importer	Fixing	VCID-zgda-rtpk-bfbr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-9xw9-pvgv-6p76/GHSA-9xw9-pvgv-6p76.json	38.6.0
2026-06-02T04:37:45.693335+00:00	GitLab Importer	Fixing	VCID-zgda-rtpk-bfbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy/CVE-2017-16014.yml	38.6.0
2026-06-02T04:36:50.515531+00:00	GitLab Importer	Fixing	VCID-ex6x-938w-6kbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/http-proxy/GMS-2017-124.yml	38.6.0