← Back to CVEs
CVE-2018-3739
N/ADescription
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
CVE Details
CVSS v3.1 ScoreN/A
Published6/7/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
https-proxy-agent_project:https-proxy-agent
Weaknesses (CWE)
CWE-400CWE-125
References
https://hackerone.com/reports/319532(support@hackerone.com)
https://hackerone.com/reports/319532(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.