Improper Sanitization of 'auth' Parameter in https-proxy-agent Leads to DoS and Memory Leak
CVE-2018-3739 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:P
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Learn more about our Web Application Penetration Testing UK.