CVE-2018-3739

Denial of Service in https-proxy-agent

Description

Versions of `https-proxy-agent` before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to `Buffer()`. ## Recommendation Update to version 2.2.0 or later.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

9.1

Score Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Versions

https-proxy-agent < 2.2.0

Severity

Critical

Ecosystem

JavaScript

Publish Date

July 27, 2018

Modified Date

November 7, 2023