CVE-2016-5385: httpoxy vulnerability
(updated )
humbug_get_contents
is affected by httpoxy, a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to: * Proxy the outgoing HTTP requests made by the web application * Direct the server to open outgoing connections to an address and port of their choosing * Tie up server resources by forcing the vulnerable software to use a malicious proxy
References
Detect and mitigate CVE-2016-5385 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →