Listen to this Post
The vulnerability in `http-proxy-middleware` (versions < 2.0.8 and 3.x < 3.0.4) arises due to improper conditional branching, where `writeBody` can be invoked twice. The issue occurs because the code checks for conditions using multiple `if` statements instead of else if, leading to unintended multiple executions. When processing HTTP requests, the middleware may erroneously call `writeBody` more than once, potentially causing response corruption, memory leaks, or inconsistent proxy behavior. Attackers could exploit this flaw to manipulate responses, trigger crashes, or disrupt service integrity.
DailyCVE Form:
Platform: Node.js
Version: < 2.0.8, 3.0.0-3.0.3
Vulnerability: Double write
Severity: Moderate
Date: Apr 16, 2025
What Undercode Say:
Exploitation:
1. Craft malicious requests forcing `writeBody` duplication.
2. Observe inconsistent proxy responses.
3. Exploit memory leaks via repeated writes.
Protection:
1. Upgrade to `[email protected]` or `@3.0.4`.
2. Validate proxy responses for anomalies.
Analytics:
- Impact: Response manipulation, DoS potential.
- Attack Vector: Network-based, low complexity.
- Patch Speed: Critical (fixed in latest).
Commands:
npm install [email protected]
Detection Script:
const { createProxyMiddleware } = require('http-proxy-middleware');
if (createProxyMiddleware.version < '2.0.8' || (createProxyMiddleware.version >= '3.0.0' && createProxyMiddleware.version < '3.0.4')) {
console.log("Vulnerable version detected!");
}
Mitigation Code:
app.use('/api', createProxyMiddleware({
target: 'http://backend:3000',
changeOrigin: true,
onProxyRes: (proxyRes) => {
if (proxyRes.headers['content-length'] !== undefined) {
// Validate single write
}
}
}));
Exploit Proof-of-Concept:
POST /proxy-endpoint HTTP/1.1 Host: vulnerable-app Content-Length: 0 X-Malicious: true
Logging for Detection:
app.use((req, res, next) => {
console.log(<code>Proxy request: ${req.url}</code>);
next();
});
References:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

