MAL-2025-190647 Malicious code in @postman/tunnel-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6961dafcc910bb7a6b1db8cb597068eeb85f973dcd669392354a7b614928dbf5 The package @postman/tunnel-agent was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198643

Malicious code in @postman/tunnel-agent npm...

Malicious code in @postman/tunnel-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6961dafcc910bb7a6b1db8cb597068eeb85f973dcd669392354a7b614928dbf5 The package @postman/tunnel-agent was found to contain malicious code. Source: ghsa-malware...

Memory Exposure in tunnel-agent

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number. Proof-of-concept: js require'request' method: 'GET', uri: 'http://www.example.com', tunnel: true, proxy: protocol: 'http:',...

GHSA-XC7V-WXCW-J472 Memory Exposure in tunnel-agent

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number. Proof-of-concept: js require'request' method: 'GET', uri: 'http://www.example.com', tunnel: true, proxy: protocol: 'http:',...

00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +29097 more potentially affected by unknown CVE via tunnel-agent (>=0.2.0 <=0.5.0)

tunnel-agent NPM version =0.2.0, =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on tunnel-agent and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o...

Memory Exposure

Overview Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number. Proof-of-concept: js require'request' method: 'GET', uri: 'http://www.example.com', tunnel: true, proxy: protocol: 'http:',...

Information Disclosure

tunnel-agent is vulnerable to information disclosure. When the proxy.auth option is used when receiving a GET request, the library will unintentionally return data from uninitialized memory. A malicious user can leverage this to obtain sensitive information on the system...

Fedora Update for nodejs-tunnel-agent FEDORA-2013-11780

Check for the Version of nodejs-tunnel-agent OpenVAS Vulnerability Test Fedora Update for nodejs-tunnel-agent FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...

Fedora Update for nodejs-tunnel-agent FEDORA-2013-11780

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 18 Update: nodejs-tunnel-agent-0.3.0-1.fc18

HTTP proxy tunneling agent...