GHSA-8w57-jfpm-945m

Suggest an improvement
Source
https://github.com/advisories/GHSA-8w57-jfpm-945m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-8w57-jfpm-945m/GHSA-8w57-jfpm-945m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8w57-jfpm-945m
Published
2019-06-11T16:16:07Z
Modified
2023-04-11T00:26:58Z
Summary
Denial of Service in http-proxy-agent
Details

Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources.

Recommendation

Update to version 2.1.0 or later.

Database specific 
{
    "github_reviewed_at": "2019-06-11T16:11:38Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "nvd_published_at": null,
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

npm / http-proxy-agent

Package

Name
http-proxy-agent
View open source insights on deps.dev
Purl
pkg:npm/http-proxy-agent

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0