20 matches found
EUVD-2018-0249
Malware in sbrugna...
EUVD-2022-0521
Malicious code in bioql PyPI...
SUSE CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
@abhishekdeb/ezmailer (>=0.0.1 <=0.0.2), @aca-1/a2-composer (>=0.1.0 <=0.3.3) +918 more potentially affected by CVE-2019-10196 via http-proxy-agent (>=0.2.7 <=2.0.0)
http-proxy-agent NPM version =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.5, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =0.15.0-alpha1, =0.2.0, =0.2.1 - @cdevine49/react-numeric-input =2.2.4 and more Source cves: CVE-2019-10196 Source advisory: OSV:GHSA-86WF-436M-H424...
GHSA-86WF-436M-H424 Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Design/Logic Flaw
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
CVE-2019-10196
The CVE-2019-10196 entry affects the http-proxy-agent package before version 2.1.0. The root cause is that the auth option is passed to the Buffer constructor without proper sanitization, enabling a Denial of Service that can consume all CPU resources, and potential data exposure due to an uninit...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Nathan Rajlich node-http-proxy-agent 安全漏洞
Nathan Rajlich node-http-proxy-agent is an open source application by Nathan Rajlich. Provides an implementation of http.Agent to connect to a specified HTTP or HTTPS proxy server, and can be used with the built-in http module. A security vulnerability exists in http-proxy-agent prior to version...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
GHSA-8W57-JFPM-945M Denial of Service in http-proxy-agent
Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources. Recommendation Update to version 2.1.0 or later...
Denial of Service in http-proxy-agent
Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources. Recommendation Update to version 2.1.0 or later...
@abhishekdeb/ezmailer (>=0.0.1 <=0.0.2), @aca-1/a2-composer (>=0.1.0 <=0.3.3) +918 more potentially affected by unknown CVE via http-proxy-agent (>=0.2.7 <=2.0.0)
http-proxy-agent NPM version =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.5, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =0.15.0-alpha1, =0.2.0, =0.2.1 - @cdevine49/react-numeric-input =2.2.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8W57-JFPM-945M...
CVE-2018-3739
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...
Denial of Service
Overview Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. Recommendation Update to version 2.1.0 or later. References -...
Denial Of Service (DoS) Through Uninitialized Memory Leak
http-proxy-agent is susceptible to denial of service DoS. auth parameters are passed to the buffer constructor without proper sanitization, leading to DoS via uninitialized memory leak...
Node.js third-party modules: `http-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak
I would like to report a Buffer allocation vulnerability in http-proxy-agent. In setups where auth argument is user-controlled, it allows to: cause Denial of Service by trivially consuming all the available CPU resources extract uninitialized memory chunks from the server on Node.js This module...