CVE-2019-10196

Published: Mar 19, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

Affected (4)

Products: Http Proxy Agent Project: Http Proxy Agent · Fedoraproject: Fedora · Redhat: Enterprise Linux, Software Collections

Http Proxy Agent Project

1 product

Http Proxy Agent

1 product

2 products

Enterprise Linux

Software Collections

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Http Proxy Agent Project Http Proxy Agent	Before 2.1.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 27

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Software Collections	All versions

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1567245

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://www.npmjs.com/advisories/607

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1567245

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://www.npmjs.com/advisories/607

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.