CVE-2018-3739

Summary

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

Affected Software

VendorProductVersion RangeStatus
HackerOnehttps-proxy-agent node moduleVersions before 2.1.1affected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References