Description
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Remediation
References
https://hackerone.com/reports/319532
Related Vulnerabilities
CVE-2022-31172 Vulnerability in npm package @openzeppelin/contracts
CVE-2021-29441 Vulnerability in maven package com.alibaba.nacos:nacos-common
CVE-2023-49373 Vulnerability in maven package com.jfinal:jfinal
CVE-2021-41269 Vulnerability in maven package com.cronutils:cron-utils
CVE-2018-17785 Vulnerability in maven package cc.blynk.server.api.core:http-core