本頁列出影響 chimurai http-proxy-middleware 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-32997 | In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. | [email protected] | 4.0 | 0.08% | 2025-04-15 | 2025-10-21 |
| CVE-2025-32996 | In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. | [email protected] | 4.0 | 0.06% | 2025-04-15 | 2025-10-21 |
| CVE-2024-21536 | Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. | [email protected] | 7.5 | 0.35% | 2024-10-19 | 2024-11-01 |