Denial of Service in https-proxy-agent

Critical severity GitHub Reviewed Published Jul 27, 2018 • Updated Sep 7, 2021

Package

https-proxy-agent (npm)

Affected versions

< 2.2.0

Patched versions

2.2.0

Description

Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
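
The bug class described above, shown as an added example that is not the package's own code: Node's legacy `Buffer` constructor treats a numeric argument as a byte count to allocate rather than as data to encode, so an unvalidated option controls allocation size. The helper names `legacyAuthHeader` and `safeAuthHeader` and the 1024-byte cap are assumptions made for illustration.

```javascript
// Added example, not https-proxy-agent source. Helper names and the
// size cap are hypothetical.

// "Before" pattern: the option reaches the legacy Buffer constructor
// with no type check. A string is encoded; a number is interpreted as
// the number of bytes to allocate.
function legacyAuthHeader(auth) {
  // Deprecated API (DEP0005), kept here only to show the flaw.
  return 'Basic ' + new Buffer(auth).toString('base64');
}

// Hardened pattern: accept only a bounded, non-empty string, then
// encode it with Buffer.from(), which never treats input as a size.
const MAX_AUTH_BYTES = 1024; // assumed limit for a user:password pair

function safeAuthHeader(auth) {
  if (typeof auth !== 'string') {
    throw new TypeError('proxy auth must be a string');
  }
  const size = Buffer.byteLength(auth, 'utf8');
  if (size === 0 || size > MAX_AUTH_BYTES) {
    throw new RangeError('proxy auth length out of range');
  }
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Runs both helpers over constructed inputs and reports the outcome.
function demo() {
  const constructedBadInputs = [8, { length: 8 }, ['a'], null, ''];
  return {
    legacyString: legacyAuthHeader('user:pass'),
    // Small number on purpose: the output is 8 allocated bytes,
    // not the text "8".
    legacyNumber: legacyAuthHeader(8),
    safeString: safeAuthHeader('user:pass'),
    rejected: constructedBadInputs.map((value) => {
      try {
        safeAuthHeader(value);
        return 'accepted';
      } catch (err) {
        return err.name;
      }
    }),
  };
}

console.log(demo());
```

When auditing a dependency tree for the same pattern, search for `new Buffer(` and `Buffer(` calls whose argument comes from caller-supplied options.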

Recommendation

Update to version 2.2.0 or later.

References

CVE ID

CVE-2018-3739

CVSS Score

9.1 Critical
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H