Always-Incorrect Control Flow Implementation in http-proxy-middleware

CVE-2025-32996

http-proxy-middleware
org.webjars.npm:http-proxy-middleware

Medium

5.3/10

Summary

In http-proxy-middleware v1.3.0 through v2.0.7 and v3.x through v3.0.3, "writeBody" function can be called twice because "else if" is not used.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-670 - Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Apr 15, 2025

Always-Incorrect Control Flow Implementation in http-proxy-middleware

CVE-2025-32996

Summary

CWE-670 - Always-Incorrect Control Flow Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS