Affected versions of `http-proxy` are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash.

## Recommendation

Update to version 0.7.0 or later.

Affected Packages

npm http-proxy

Affected versions: 0 (fixed in 0.7.0)

Related CVEs

CVE-2017-16014

Key Information

GHSA ID

GHSA-9xw9-pvgv-6p76

Published

November 9, 2018 5:47 PM

Last Modified

September 13, 2023 7:36 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

http-proxy

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.