Denial of Service in http-proxy-agent
High severity
GitHub Reviewed
Published
Jun 11, 2019
to the GitHub Advisory Database
•
Updated Apr 11, 2023
Description
Reviewed
Jun 11, 2019
Published to the GitHub Advisory Database
Jun 11, 2019
Last updated
Apr 11, 2023
Versions of
http-proxy-agentbefore 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed toBuffer. An attacker may leverage these unsanitized options to consume system resources.Recommendation
Update to version 2.1.0 or later.
References