This page lists publicly disclosed CVE vulnerabilities affecting chimurai http-proxy-middleware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-32997 | In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. | [email protected] | 4.0 | 0.08% | 2025-04-15 | 2025-10-21 |
| CVE-2025-32996 | In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. | [email protected] | 4.0 | 0.06% | 2025-04-15 | 2025-10-21 |
| CVE-2024-21536 | Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. | [email protected] | 7.5 | 0.35% | 2024-10-19 | 2024-11-01 |