npm

Severity: moderate

Memory Exposure

tunnel-agent

Overview

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.

This is exploitable if user supplied input is provided to the auth value and is a number.

Proof-of-concept:

require('request')({
  method: 'GET',
  uri: 'http://www.example.com',
  tunnel: true,
  proxy:{
    protocol: 'http:',
    host:'127.0.0.1',
    port:8080,
    auth:USERSUPPLIEDINPUT // number
  }
});

Remediation

Update to version 0.6.0 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 25th, 2018
  2. reported

    Initial report by Сковорода Никита Андреевич
    Apr 24th, 2018