MEDIUM 4.0
GHSA-4www-5p9h-95mh
http-proxy-middleware can call writeBody twice because "else if" is not used
Details
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / http-proxy-middleware
Introduced in:
1.3.0 Fixed in: 2.0.8 Fix
npm install http-proxy-middleware@2.0.8 npm / http-proxy-middleware
Introduced in:
3.0.0 Fixed in: 3.0.4 Fix
npm install http-proxy-middleware@3.0.4 References
- https://nvd.nist.gov/vuln/detail/CVE-2025-32996 [ADVISORY]
- https://github.com/chimurai/http-proxy-middleware/pull/1089 [WEB]
- https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145 [WEB]
- https://github.com/chimurai/http-proxy-middleware [PACKAGE]
- https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8 [WEB]
- https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4 [WEB]