Steven Chim - Security Researcher - Exploit Intelligence Platform

CVE-2024-21536 WRITEUP HIGH WRITEUP

Chimurai Http-proxy-middleware < 2.0.7 - Denial of Service

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

CVSS 7.5

View Code

CVE-2025-32996 WRITEUP MEDIUM WRITEUP

http-proxy-middleware <2.0.8, <3.0.4 - Info Disclosure

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.

CVSS 4.0

View Code

CVE-2025-32997 WRITEUP MEDIUM WRITEUP

Chimurai Http-proxy-middleware < 2.0.9 - Improper Condition Check

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

CVSS 4.0

View Code