Open mend-bolt-for-github[bot] opened 5 years ago
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/https-proxy-agent/package.json
Dependency Hierarchy: - protractor-5.1.2.tgz (Root Library) - saucelabs-1.3.0.tgz - :x: **https-proxy-agent-1.0.0.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
Publish Date: 2018-04-25
URL: WS-2018-0072
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/593
Release Date: 2018-01-27
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here
WS-2018-0072 - High Severity Vulnerability
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/https-proxy-agent/package.json
Dependency Hierarchy: - protractor-5.1.2.tgz (Root Library) - saucelabs-1.3.0.tgz - :x: **https-proxy-agent-1.0.0.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
Publish Date: 2018-04-25
URL: WS-2018-0072
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/593
Release Date: 2018-01-27
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here