WS-2018-0085 (High) detected in http-proxy-agent-0.2.7.tgz #50

mend-for-github-com · 2020-02-03T07:10:56Z

WS-2018-0085 - High Severity Vulnerability

Vulnerable Library - http-proxy-agent-0.2.7.tgz

An HTTP(s) proxy `http.Agent` implementation for HTTP

Library home page: https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-0.2.7.tgz

Path to dependency file: /tmp/ws-scm/labs-air/ui/ProjectAir/package.json

Path to vulnerable library: /tmp/ws-scm/labs-air/ui/ProjectAir/node_modules/proxy-agent/node_modules/http-proxy-agent/package.json

Dependency Hierarchy:

component-1.1.0.tgz (Root Library)
- component-remotes-1.2.0.tgz
  - cogent-0.4.3-fix-redirects.tgz
    - proxy-agent-1.1.1.tgz
      - ❌ http-proxy-agent-0.2.7.tgz (Vulnerable Library)

Found in HEAD commit: 91b4245b987bd63abaeb49223360180947327d49

Vulnerability Details

Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer.

Publish Date: 2018-04-25

URL: WS-2018-0085

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/607

Release Date: 2018-01-27

Fix Resolution: 2.1.0

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 3, 2020

torresashjian closed this as completed May 22, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0085 (High) detected in http-proxy-agent-0.2.7.tgz #50

WS-2018-0085 (High) detected in http-proxy-agent-0.2.7.tgz #50

mend-for-github-com bot commented Feb 3, 2020

WS-2018-0085 (High) detected in http-proxy-agent-0.2.7.tgz #50

WS-2018-0085 (High) detected in http-proxy-agent-0.2.7.tgz #50

Comments

mend-for-github-com bot commented Feb 3, 2020

WS-2018-0085 - High Severity Vulnerability