Insufficient Error Handling in http-proxy

RSS Feed HIGH

GHSA-9xw9-pvgv-6p76 CVE-2017-16014

Description:

Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash.

Recommendation

Update to version 0.7.0 or later.

Affected Packages

Ecosystem	Package	Vulnerable Versions	Patched Version
npm	`http-proxy`	`<= 0.6.6`	`0.7.0`

Related Dependabot Pull Requests

All Open Closed Merged

No Related Pull Requests

No Dependabot pull requests have been found that reference this security advisory.

Actions

View on GitHub All Advisories

Advisory Details

Published:	November 09, 2018 over 7 years ago
Updated:	April 04, 2026 3 months ago
CVSS Score:	7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS:	0.27% 51th percentile
Source:	Github
Classification:	GENERAL
UUID:	`MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4dzktcHZndi02cDc2`

References

https://nvd.nist.gov/vuln/detail/CVE-2017-16014
https://github.com/nodejitsu/node-http-proxy/pull/101
https://github.com/advisories/GHSA-9xw9-pvgv-6p76
https://www.npmjs.com/advisories/323

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot