Advisories for Npm/Http-Proxy package

2020

Denial of Service in http-proxy

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function. For a proxy server running on http://localhost:3000, the following curl request triggers the unhandled exception: curl -XPOST http://localhost:3000 -d "$(python -c 'print("x"*1025)')" Recommendation …

2018
2017