CVE-2019-10196
CVE-2019-10196 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A flaw was found in http-proxy-agent prior to version 2.1.0: http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
A flaw was found in http-proxy-agent prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources, and in data exposure through an uninitialized memory leak, in setups where an attacker could submit typed input to the auth parameter.
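The sketch below is an added example, not http-proxy-agent's own code: it puts the unsanitized pattern the description refers to beside a type-checked form. The function names, the `MAX_AUTH_LENGTH` limit and the sample inputs are assumptions made for illustration.

```javascript
// Hypothetical helper names; this is not the http-proxy-agent source.

// Unsafe pattern from the description: the value reaches the Buffer
// constructor whatever its type. On old Node.js releases,
// new Buffer(<number>) allocated that many bytes of uninitialized memory.
// Kept for contrast only; it is never called here.
function proxyAuthHeaderUnsafe(auth) {
  return 'Basic ' + new Buffer(auth).toString('base64'); // deprecated constructor
}

const MAX_AUTH_LENGTH = 1024; // assumed upper bound for "user:password"

// Hardened form: accept only a bounded string, then encode with Buffer.from,
// which never allocates from a caller-supplied size.
function proxyAuthHeader(auth) {
  if (typeof auth !== 'string') {
    throw new TypeError('auth must be a string, got ' + typeof auth);
  }
  if (auth.length === 0 || auth.length > MAX_AUTH_LENGTH) {
    throw new RangeError('auth length out of range');
  }
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Classify untrusted input without throwing, e.g. at a request boundary.
function checkAuth(auth) {
  try {
    return { ok: true, header: proxyAuthHeader(auth) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed samples: values as they could arrive after JSON.parse,
// where the caller controls the type as well as the content.
const samples = JSON.parse('["user:pass", 100000000, {"length": 1e9}, ["a"], null]');
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(checkAuth(s)));
}
```

Only the first sample is accepted; the number, object, array and null are rejected before any buffer is created.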
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Http-Proxy-Agent Project | Http-Proxy-Agent | < 2.1.0 |
| Fedoraproject | Fedora | 27 |
| Redhat | Software Collections | All versions |
| Redhat | Enterprise Linux | 7.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1567245 (Issue Tracking, Patch, Third Party Advisory)
- https://www.npmjs.com/advisories/607 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
