57 matches found
EUVD-2026-37760
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...
GHSA-VMH5-MC38-953G undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Impact undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername...
Origin Validation Error
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...
CVE-2026-9697
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...
CVE-2026-6734
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...
PT-2026-50517
Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The ProxyAgent in undici silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. This causes the target HTTPS...
CVE-2011-0846
Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent...
EUVD-2011-0858
Malware in sbrugna...
EUVD-2018-0249
Malware in sbrugna...
EUVD-2022-0521
Malicious code in bioql PyPI...
Malicious code in noblox.js-proxy-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49cb85854d6a908a38177c4a3c30ac7dd724e1f892e3fbfcb26bb3a146ad2dc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1582 Malicious code in noblox.js-proxy-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49cb85854d6a908a38177c4a3c30ac7dd724e1f892e3fbfcb26bb3a146ad2dc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nodejs-cookie-proxy-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 950519ee04e89711e7732a030f308fa4bbb8f2dfa48713ba1070bbaaaa32070c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
@abhishekdeb/ezmailer (>=0.0.1 <=0.0.2), @aca-1/a2-composer (>=0.1.0 <=0.3.3) +917 more potentially affected by CVE-2019-10196 via http-proxy-agent (>=0.2.7 <=2.0.0)
http-proxy-agent NPM version =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.5, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =0.15.0-alpha1, =0.2.0, =0.2.1 - @cdevine49/react-numeric-input =2.2.4 and more Source cves: CVE-2019-10196 Source advisory: OSV:GHSA-86WF-436M-H424...
Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
GHSA-86WF-436M-H424 Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...