CVE-2019-10196
N/A
N/A
Summary
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | nodejs-http-proxy-agent | prior to nodejs-http-proxy-agent 2.1.0 | affected |
Weaknesses
- CWE-665: CWE-665
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.