GHSA-8w57-jfpm-945m

Опубликовано: 11 июн. 2019

Источник: github

Github: Прошло ревью

Описание

Denial of Service in http-proxy-agent

Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources.

Recommendation

Update to version 2.1.0 or later.

Ссылки

https://hackerone.com/reports/321631
https://github.com/TooTallNate/node-http-proxy-agent/blob/2.0.0/index.js#L80
https://www.npmjs.com/advisories/607

Пакеты

Наименование

http-proxy-agent

npm

Затронутые версииВерсия исправления

< 2.1.0

2.1.0

Дефекты

CWE-400

Дефекты

CWE-400