The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several orders of magnitude larger once uncompressed. If a client does not take special care when processing such responses, decompression may consume excessive CPU and/or memory. An attacker might exploit such a weakness for a denial-of-service (DoS) attack. To exploit this, the attacker must control the location (URL) that superagent makes a request to.
CPE Name | Operator | Version
---|---|---
superagent | eq | 0.19.1
superagent | eq | 1.7.0
superagent | eq | 0.14.9
superagent | eq | 3.6.2
superagent | eq | 3.0.0-alpha.3
superagent | eq | 1.1.0
superagent | eq | 0.12.0
superagent | eq | 0.16.0
superagent | eq | 0.18.1
superagent | eq | 2.1.0