Vulnerability CVE-2019-10196


Published: 2021-03-19

Description:
A flaw was found in http-proxy-agent prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a denial of service through the use of all available CPU resources, and in data exposure through an uninitialized memory leak, in setups where an attacker could submit typed input to the auth parameter.
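
The pattern described above next to a hardened form, as an added example (not http-proxy-agent's own code). The function names, the 512-character limit and the sample inputs are assumptions made for illustration.

```javascript
// Added illustration; not http-proxy-agent's source. Names are hypothetical.

// Pattern the advisory describes: the caller-supplied value reaches the
// Buffer constructor as-is. A string is encoded, but a number is read as a
// size, so the header carries that many bytes of buffer memory instead
// (uninitialized on Node.js releases before 8, zero-filled afterwards).
function unsafeProxyAuthHeader(auth) {
  return 'Basic ' + new Buffer(auth).toString('base64'); // deprecated API
}

// Hardened form: accept only a bounded string and encode with Buffer.from,
// which throws a TypeError when handed a number.
const MAX_AUTH_LENGTH = 512; // assumed limit for this example

function safeProxyAuthHeader(auth) {
  if (typeof auth !== 'string') {
    throw new TypeError('proxy auth must be a string, got ' + typeof auth);
  }
  if (auth.length === 0 || auth.length > MAX_AUTH_LENGTH) {
    throw new RangeError('proxy auth length out of range');
  }
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Wrap the check so callers can log rejected values instead of crashing.
function classify(auth) {
  try {
    return { ok: true, header: safeProxyAuthHeader(auth) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs: values a JSON request field could deserialize to.
const samples = ['user:pass', 64, ['a'], { length: 8 }, ''];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(classify(s)));
}
```

Validating the type where the value enters the application matters as much as the library fix: a parsed JSON or query-string field is not guaranteed to be a string.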

Type:
CWE-665 (Improper Initialization)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVSS Base Score: 9/10
Impact Subscore: 8.5/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Complete

Affected software:
Redhat -> Software collections
Redhat -> Enterprise linux
Http-proxy-agent project -> Http-proxy-agent
Fedoraproject -> Fedora

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1567245
https://www.npmjs.com/advisories/607
