Lucene search
GoogleOSV:CVE-2017-16129HistoryJun 07, 2018 - 2:29 a.m.
CVE-2017-16129
2018-06-0702:29:03
Google
osv.dev
5
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
| CPE | Name | Operator | Version |
|---|---|---|---|
| superagent | eq | 0.19.1 | |
| superagent | eq | 1.7.0 | |
| superagent | eq | 0.14.9 | |
| superagent | eq | 3.6.2 | |
| superagent | eq | 3.0.0-alpha.3 | |
| superagent | eq | 1.1.0 | |
| superagent | eq | 0.12.0 | |
| superagent | eq | 0.16.0 | |
| superagent | eq | 0.18.1 | |
| superagent | eq | 2.1.0 |
Related
cve
cve
CVE-2017-16129
2018-06-07 02:29:03
nodejs
nodejs
Large gzip Denial of Service
2017-07-28 21:07:54
osv
osv
superagent vulnerable to zip bomb attacks
2018-08-09 20:13:01
nvd
nvd
CVE-2017-16129
2018-06-07 02:29:03
ubuntucve
ubuntucve
CVE-2017-16129
2018-06-07 00:00:00
cvelist
cvelist
CVE-2017-16129
2018-04-26 00:00:00
veracode
veracode
Large GZip Denial Of Service (DoS)
2017-11-01 05:32:56
prion
prion
Cross site request forgery (csrf)
2018-06-07 02:29:00
github
github
superagent vulnerable to zip bomb attacks
2018-08-09 20:13:01
debiancve
debiancve
CVE-2017-16129
2018-06-07 02:29:03
ibm
ibm