Description
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Remediation
References
https://hackerone.com/reports/319532
Related Vulnerabilities
CVE-2020-7674 Vulnerability in npm package access-policy
CVE-2023-43642 Vulnerability in maven package org.xerial.snappy:snappy-java
CVE-2023-26133 Vulnerability in npm package progressbar.js
CVE-2021-23425 Vulnerability in npm package trim-off-newlines
CVE-2019-5786 Vulnerability in maven package org.webjars.npm:electron