MEDIUM 4.0
GHSA-9gqv-wp59-fq42
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
Details
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / http-proxy-middleware
Introduced in:
1.3.0 Fixed in: 2.0.9 Fix
npm install http-proxy-middleware@2.0.9 npm / http-proxy-middleware
Introduced in:
3.0.0 Fixed in: 3.0.5 Fix
npm install http-proxy-middleware@3.0.5 References
- https://nvd.nist.gov/vuln/detail/CVE-2025-32997 [ADVISORY]
- https://github.com/chimurai/http-proxy-middleware/pull/1096 [WEB]
- https://github.com/chimurai/http-proxy-middleware/commit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e [WEB]
- https://github.com/chimurai/http-proxy-middleware [PACKAGE]
- https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9 [WEB]
- https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.5 [WEB]