Описание
Denial of Service in https-proxy-agent
Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
Recommendation
Update to version 2.2.0 or later.
Пакеты
Наименование
https-proxy-agent
npm
Затронутые версииВерсия исправления
< 2.2.0
2.2.0
Связанные уязвимости
CVSS3: 8.2
redhat
около 8 лет назад
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
CVSS3: 9.1
nvd
больше 7 лет назад
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).