CVE-2025-7339: CWE-241 in jshttp on-headers
Description
on-headers is a Node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users are strongly encouraged to upgrade to version `1.1.0` to receive the patch, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array.
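The workaround above, sketched as an added example (not code from on-headers or from this advisory): the hypothetical helpers `toHeaderObject` and `writeHeadWithObject` convert an array of headers into an object before it reaches `response.writeHead()`. It assumes the two array shapes Node.js accepts there, a flat `[name, value, ...]` list and a list of `[name, value]` pairs.

```javascript
'use strict'
// Added example; toHeaderObject and writeHeadWithObject are hypothetical names.

// Convert the array forms accepted by response.writeHead() into a plain
// object so that on-headers < 1.1.0 never sees an array.
function toHeaderObject (headers) {
  if (headers == null) return {}
  if (!Array.isArray(headers)) return headers // already an object

  // Assumed shapes: [['a', '1'], ['b', '2']] or flat ['a', '1', 'b', '2'].
  let pairs
  if (headers.length > 0 && Array.isArray(headers[0])) {
    pairs = headers
  } else {
    if (headers.length % 2 !== 0) {
      throw new TypeError('flat header array must have an even length')
    }
    pairs = []
    for (let i = 0; i < headers.length; i += 2) {
      pairs.push([headers[i], headers[i + 1]])
    }
  }

  const out = {}
  const seen = new Map() // lower-cased name -> key already used in `out`
  for (const [name, value] of pairs) {
    const lower = String(name).toLowerCase()
    if (!seen.has(lower)) {
      seen.set(lower, name)
      out[name] = value
    } else {
      // Repeated names (e.g. Set-Cookie) become one array-valued entry
      // instead of the later value silently replacing the earlier one.
      const key = seen.get(lower)
      out[key] = [].concat(out[key], value)
    }
  }
  return out
}

// Drop-in wrapper for call sites that build headers as an array.
// The optional statusMessage argument of writeHead() is not handled here.
function writeHeadWithObject (res, statusCode, headers) {
  return res.writeHead(statusCode, toHeaderObject(headers))
}
```

This only covers call sites you control; upgrading to `1.1.0` remains the fix for arrays passed by other middleware or dependencies.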
Technical Details
- Data Version: 5.1
- Assigner Short Name: openjs
- Date Reserved: 2025-07-07T20:01:14.812Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68791e47a83201eaace70a9c
Added to database: 7/17/2025, 4:01:11 PM
Last updated: 7/17/2025, 4:01:11 PM