WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #35

mend-bolt-for-github · 2019-06-06T16:50:59Z

WS-2018-0072 - High Severity Vulnerability

Vulnerable Library - https-proxy-agent-1.0.0.tgz

An HTTP(s) proxy `http.Agent` implementation for HTTPS

Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz

Path to dependency file: /probot-issue-versioning/package.json

Path to vulnerable library: /tmp/git/probot-issue-versioning/node_modules/https-proxy-agent/package.json

Dependency Hierarchy:

probot-0.7.1.tgz (Root Library)
- github-9.3.1.tgz
  - ❌ https-proxy-agent-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 401f73579c289637e10b6a10cb44727b52b03e1b

Vulnerability Details

Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().

Publish Date: 2018-04-25

URL: WS-2018-0072

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/593

Release Date: 2018-01-27

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #35

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #35

mend-bolt-for-github bot commented Jun 6, 2019

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #35

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz #35

Comments

mend-bolt-for-github bot commented Jun 6, 2019

WS-2018-0072 - High Severity Vulnerability