Vulnerability Database

309,136

Total vulnerabilities in the database

Denial of Service in http-proxy-agent

Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources.

Recommendation

Update to version 2.1.0 or later.

Published: Jun 11, 2019
Updated: Apr 14, 2023
GHSA: GHSA-8w57-jfpm-945m
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
http-proxy-agent	-	2.1.0

https://github.com/TooTallNate/node-http-proxy-agent/blob/2.0.0/index.js#L80
https://hackerone.com/reports/321631
https://www.npmjs.com/advisories/607

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo