208 matches found
DEBIAN-CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
UBUNTU-CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
CVE-2017-16129
CVE-2017-16129 affects the HTTP client module superagent . It is vulnerable to ZIP-bomb attacks: a small ZIP can expand massively after decompression, causing unbounded CPU/memory usage and potential DoS. Exploitation requires the attacker to control the URL being requested. Some connected adviso...
CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
Large GZip Denial Of Service (DoS)
superagent is vulnerable to large GZip denial of service DoS attacks aka ZIP bomb attacks. The attacks can be triggered when malicious HTTP servers send extremely large responses in a compressed form. Since the client does not limit the size of responses, it will end up consuming large amounts of...
Large gzip Denial of Service
Overview Affected versions of superagent do not check the post-decompression size of ZIP compressed HTTP responses prior to decompressing. This results in the package being vulnerable to a ZIP bomb attack, where an extremely small ZIP file becomes many orders of magnitude larger when decompressed...