https-proxy-agent@0.3.4 vulnerabilities
An HTTP(s) proxy `http.Agent` implementation for HTTPS
-
latest version
7.0.5
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
4 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the https-proxy-agent package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
https-proxy-agent is a module that provides an http.Agent implementation that connects to a specified HTTP or HTTPS proxy server, and can be used with the built-in https module. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). When targeting a HTTP proxy, PoC by Kris Adler
How to fix Man-in-the-Middle (MitM)? Upgrade |
<2.2.3
|
Affected versions of this package are vulnerable to Uninitialized Memory Exposure and Denial of Service (DoS) attacks due to passing unsanitized options to Buffer(arg). Note: CVE-2018-3739 is a duplicate of CVE-2018-3736. How to fix Uninitialized Memory Exposure? Upgrade |
<2.2.0
|