3 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-16129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes sever...
192.168.0.172 (=4.6.1), 2ch (>=0.1.0 <=0.1.3) +6492 more potentially affected by CVE-2017-16129 via superagent (>=0.10.0 <=3.6.3)
superagent NPM version =0.10.0, =0.1.0, =0.13.0, =0.0.2, =0.0.1, =1.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =0.1.0, =0.1.6 and more Source cves: CVE-2017-16129 Source advisory: OSV:GHSA-8225-6CVR-8PQP...
CVE-2017-16129
CVE-2017-16129 affects the HTTP client module superagent. It is vulnerable to ZIP-bomb attacks: a small ZIP can expand massively after decompression, causing unbounded CPU/memory usage and potential DoS. Exploitation requires the attacker to control the URL being requested. Some connected adviso...