CVE-2017-16129
N/A
N/A
Summary
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | superagent node module | <3.7.0 | affected |
Weaknesses
- CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.