Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjN3Ytd3hjdy1qNDcy
Memory Exposure in tunnel-agent
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.
This is exploitable if user-supplied input is passed as the auth value and is a number.
Proof-of-concept:
require('request')({
  method: 'GET',
  uri: 'http://www.example.com',
  tunnel: true,
  proxy: {
    protocol: 'http:',
    host: '127.0.0.1',
    port: 8080,
    auth: USERSUPPLIEDINPUT // number
  }
});
Recommendation
Update to version 0.6.0 or later.
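Added example, not part of the advisory or of tunnel-agent's own code: Node.js code that lists the tunnel-agent copies in a package-lock.json falling in the affected range (before 0.6.0) and rejects a non-string auth value before it reaches the proxy options. The function names and the sample lockfile are constructed for illustration.

```javascript
// Affected range per the advisory: tunnel-agent before 0.6.0.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.\d+/.exec(String(version));
  return m !== null && Number(m[1]) === 0 && Number(m[2]) < 6;
}

// Return every installed tunnel-agent copy that falls in the affected range.
function findAffectedTunnelAgent(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/tunnel-agent') && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === 'tunnel-agent' && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Boundary check for the trigger the advisory names: auth arriving as a number
// (for example from a parsed JSON body). Hypothetical helper name.
function requireStringAuth(auth) {
  if (typeof auth !== 'string' || auth.length === 0) {
    throw new TypeError('proxy auth must be a non-empty string');
  }
  return auth;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/tunnel-agent': { version: '0.4.3' },
    'node_modules/other/node_modules/tunnel-agent': { version: '0.6.0' },
  },
};
```

Call `findAffectedTunnelAgent(JSON.parse(lockfileText))` in CI and fail the build on a non-empty result; call `requireStringAuth` on any externally supplied value before assigning it to `proxy.auth`.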
Permalink: https://github.com/advisories/GHSA-xc7v-wxcw-j472
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjN3Ytd3hjdy1qNDcy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
Identifiers: GHSA-xc7v-wxcw-j472
References:
- https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0
- https://www.npmjs.com/advisories/598
- https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4
- https://github.com/advisories/GHSA-xc7v-wxcw-j472
Blast Radius: 0.0
Affected Packages
npm:tunnel-agent
Dependent packages: 805
Dependent repositories: 4,021
Downloads: 105,472,393 last month
Affected Version Ranges: < 0.6.0
Fixed in: 0.6.0
All affected versions: 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.5.0
All unaffected versions: 0.6.0