Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS05Z3F2LXdwNTktZnE0Ms4ABGxU

Moderate EPSS: 0.00053% (0.16291 Percentile) EPSS:
Permalink JSON

http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

Affected Packages Affected Versions Fixed Versions
npm:http-proxy-middleware
PURL: pkg:npm/http-proxy-middleware
>= 1.3.0, < 2.0.9, >= 3.0.0, < 3.0.5 2.0.9, 3.0.5
8,072 Dependent packages
2,978,280 Dependent repositories
76,853,308 Downloads last month

Affected Version Ranges

All affected versions

1.3.0, 1.3.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4

All unaffected versions

0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.18.0, 0.19.0, 0.19.1, 0.19.2, 0.20.0, 0.21.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 2.0.9, 3.0.5

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

References:

Identifiers

GHSA-9gqv-wp59-fq42

CVE-2025-32997

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00053

EPSS Percentile: 0.16291

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chimurai/http-proxy-middleware

Date and time

Published

5 months ago

Updated

4 months ago

API

JSON