Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
proxy denial of service vulnerability
A remote attacker can trigger a denial of service through the socket.remoteAddress variable by sending a crafted HTTP request. Use of the undefined variable raises a TypeError exception.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 6 months ago
Identifiers: GHSA-mj6p-3pc9-wf5m, CVE-2023-2968
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-2968
- https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917
- https://github.com/TooTallNate/proxy-agents/pull/178
- https://github.com/TooTallNate/proxy-agents/commit/25e0c931390eb8f41c5ceaca72820de9198ece39
- https://github.com/advisories/GHSA-mj6p-3pc9-wf5m
Blast Radius: 0.0
Affected Packages
npm:proxy
Dependent packages: 235
Dependent repositories: 26,006
Downloads: 352,407 last month
Affected Version Ranges: >= 2.0.0, < 2.1.1
Fixed in: 2.1.1
All affected versions: 2.0.0, 2.0.1, 2.1.0
All unaffected versions: 0.0.1, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 1.0.0, 1.0.1, 1.0.2, 2.1.1