CVE-2025-32997 | THREATINT

Description

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

PUBLISHED Reserved 2025-04-15 | Published 2025-04-15 | Updated 2025-04-15 | Assigner mitre

MEDIUM: 4.0CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status

unaffected

Any version before 2.0.9

affected

3.0.0 (semver) before 3.0.5

affected

References

github.com/...ommit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e

github.com/chimurai/http-proxy-middleware/pull/1096

github.com/...urai/http-proxy-middleware/releases/tag/v2.0.9

github.com/...urai/http-proxy-middleware/releases/tag/v3.0.5

cve.org (CVE-2025-32997)

nvd.nist.gov (CVE-2025-32997)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu