Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
WS-2018-0076 (Medium) detected in tunnel-agent-0.4.3.tgz #15
WS-2018-0076 - Medium Severity Vulnerability
HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.
Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz
Path to dependency file: /cypress/packages/server/package.json
Path to vulnerable library: /tmp/git/cypress/packages/server/node_modules/node-webkit-updater/node_modules/tunnel-agent/package.json
Found in HEAD commit: 29dcad339d37f2169e5a640bf8d0d1438f7c18c2
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.
This is exploitable if user supplied input is provided to the auth value and is a number.
Publish Date: 2018-04-25
Type: Upgrade version
Release Date: 2018-01-27
Fix Resolution: 0.6.0
Step up your Open Source Security Game with WhiteSource here