WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #4

mend-for-github-com · 2021-03-09T14:41:53Z

WS-2018-0072 - High Severity Vulnerability

Vulnerable Library - https-proxy-agent-1.0.0.tgz

An HTTP(s) proxy `http.Agent` implementation for HTTPS

Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz

Path to dependency file: sdk-rest/package.json

Path to vulnerable library: sdk-rest/node_modules/https-proxy-agent/package.json

Dependency Hierarchy:

galaxy-parser-1.0.55.tgz (Root Library)
- github-9.3.1.tgz
  - ❌ https-proxy-agent-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: b5285c92cd84244b8d9967444d4eb9fe177aab0c

Found in base branch: master

Vulnerability Details

Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().

Publish Date: 2018-02-28

URL: WS-2018-0072

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/593

Release Date: 2018-01-27

Fix Resolution: 2.2.0

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 9, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #4

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #4

mend-for-github-com bot commented Mar 9, 2021

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #4

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #4

Comments

mend-for-github-com bot commented Mar 9, 2021

WS-2018-0072 - High Severity Vulnerability