Lucene search
HackeroneCVELIST:CVE-2017-16129HistoryApr 26, 2018 - 12:00 a.m.
CVE-2017-16129
2018-04-2600:00:00
CWE-409
hackerone
www.cve.org
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
CNA Affected
[
{
"product": "superagent node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<3.7.0"
}
]
}
]Related
cve
cve
CVE-2017-16129
2018-06-07 02:29:03
nodejs
nodejs
Large gzip Denial of Service
2017-07-28 21:07:54
osv
osv
superagent vulnerable to zip bomb attacks
2018-08-09 20:13:01
CVE-2017-16129
2018-06-07 02:29:03
nvd
nvd
CVE-2017-16129
2018-06-07 02:29:03
ubuntucve
ubuntucve
CVE-2017-16129
2018-06-07 00:00:00
veracode
veracode
Large GZip Denial Of Service (DoS)
2017-11-01 05:32:56
prion
prion
Cross site request forgery (csrf)
2018-06-07 02:29:00
github
github
superagent vulnerable to zip bomb attacks
2018-08-09 20:13:01
debiancve
debiancve
CVE-2017-16129
2018-06-07 02:29:03
ibm
ibm