"VulnerabilityID": "GHSA-6x33-pw7p-hmpq",
"InstalledVersion": "1.18.0"
},
{
"Layer": {
"DiffID": "sha256:e2ddedde812d03ee158150d58a19d4458068fc655e610b0b0e3e95b10b30c6af"
},
"PkgID": "http-proxy@1.18.0",
"Title": "Denial of Service in http-proxy",
"Status": "fixed",
"PkgName": "http-proxy",
"PkgPath": "src/.artifacts/.cache/Cypress/13.3.3/Cypress/resources/app/node_modules/http-proxy/package.json",
"Severity": "HIGH",
"DataSource": {
"ID": "ghsa",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm",
"Name": "GitHub Security Advisory npm"
},
"PrimaryURL": "https://github.com/advisories/GHSA-6x33-pw7p-hmpq",
"References": [
"https://github.com/http-party/node-http-proxy/pull/1447/commits/4718119ffbe895aecd9be0d6430357d44b4c7fd3",
"https://github.com/http-party/node-http-proxy/pull/1447/files",
"https://www.npmjs.com/advisories/1486"
],
"Description": "Versions of `http-proxy` prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an `ERR_HTTP_HEADERS_SENT` unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the `proxyReq.setHeader` function. \n\nFor a proxy server running on `http://localhost:3000`, the following curl request triggers the unhandled exception: \n -XPOST http://localhost:3000 -d \"$(python -c 'print(\"x\"*1025)')\"\n\n\n## Recommendation\n\nUpgrade to version 1.18.1 or later",
"FixedVersion": "1.18.1",
"SeveritySource": "ghsa",
Other
No response
This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.
Current behavior
installed version is 1.18.0
Desired behavior
Upgrade to the fixed version 1.18.1
Test code to reproduce
Cypress Version
13.3.3
Node version
16.20.2
Operating System
Debug Logs
Other
No response