CGA-hwrj-cwxw-pr4r

Published

Last updated

https://images.chainguard.dev/security/CGA-hwrj-cwxw-pr4r

Package

jitsucom-jitsu

Latest Update

Not affected

Aliases

CVE-2018-3739
GHSA-8g7p-74h8-hg48

Severity

9.1

Critical

CVSS V3

Summary

Denial of Service in https-proxy-agent

Description

Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().

Recommendation

Update to version 2.2.0 or later.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-3739
https://github.com/advisories/GHSA-8g7p-74h8-hg48
https://nvd.nist.gov/vuln/detail/CVE-2018-3736
https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
https://hackerone.com/reports/319532
https://github.com/TooTallNate/node-https-proxy-agent
https://www.npmjs.com/advisories/593

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-hwrj-cwxw-pr4r

Severity

Summary

Description

Recommendation

References

Updates

Product

Why Chainguard

Customers

Company

Resources