15 matches found
Denial of Service in https-proxy-agent
Withdrawn: Duplicate of GHSA-8g7p-74h8-hg48...
GHSA-QRG3-F6H6-VQ8Q Denial of Service in https-proxy-agent
Withdrawn: Duplicate of GHSA-8g7p-74h8-hg48...
Machine-In-The-Middle in https-proxy-agent
Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds to the request with an HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...
0.8.18-p11 (=0.8.18-p12), 3scale-cm (=0.7.2) +2677 more potentially affected by unknown CVE via https-proxy-agent (>=0.3.6 <=2.2.2)
https-proxy-agent NPM version =0.3.6, =0.0.1, =1.0.1, =0.0.1, =0.1.0, =0.1.0, =2.0.0, =1.0.0, =0.1.5, =0.0.1, =0.0.7 - @angular-template/ng1-build =2.0.0-beta.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PC5P-H8PF-MVWP...
CVE-2018-3739
A flaw was found in https-proxy-agent, prior to version 2.2.0. It was discovered https-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Machine-In-The-Middle
Overview: Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds to the request with an HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...
GHSA-8G7P-74H8-HG48 Denial of Service in https-proxy-agent
Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options proxy.auth being passed to Buffer. Recommendation: Update to version 2.2.0 or later...
Denial of Service in https-proxy-agent
Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options proxy.auth being passed to Buffer. Recommendation: Update to version 2.2.0 or later...
Unspecified vulnerability in https-proxy-agent
https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...
https-proxy-agent memory leak vulnerability
https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent versions prior to 2.1.1, which stems from a failure of the program to perform proper filtering. An attacker can exploit this vulnerability by submitting input e.g. JSON to the...
CVE-2018-3739
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...
Design/Logic Flaw
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...
CVE-2018-3739
CVE-2018-3739 affects the Node.js https-proxy-agent module. The root cause is passing the auth option to the Buffer constructor without proper sanitization, enabling a remote attacker to cause denial of service and memory leak through crafted input in the auth parameter (e.g., JSON). Reported in ...
Denial of Service
Overview: Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options proxy.auth being passed to Buffer. Recommendation: Update to version 2.2.0 or later. References: index.js Line 207, HackerOne Report, GitHub Advisory...
Node.js third-party modules: `https-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak
I would like to report a Buffer allocation vulnerability in https-proxy-agent. In setups where auth argument is user-controlled, it allows to: 1. cause Denial of Service by trivially consuming all the available CPU resources 2. extract uninitialized memory chunks from the server on Node.js This...