npm

Severity: moderate

Insufficient Error Handling

http-proxy

Overview

Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash.

Remediation

Update to version 0.7.0 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 11th, 2017
  2. reported

    Initial report by TJ Holowaychuk
    Mar 10th, 2017