Improper Sanitization of 'auth' Parameter in https-proxy-agent Leads to DoS and Memory Leak

Improper Sanitization of 'auth' Parameter in https-proxy-agent Leads to DoS and Memory Leak

CVE-2018-3739 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

Learn more about our Web Application Penetration Testing UK.