CVE-2019-10196: Improper Initialization

January 6, 2022

A flaw was found in http-proxy-agent, It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

References

bugzilla.redhat.com/show_bug.cgi?id=1567245
github.com/TooTallNate/node-http-proxy-agent/commit/b7b7cc793c3226aa83f820ce5c277e81862d32eb
github.com/advisories/GHSA-86wf-436m-h424
nvd.nist.gov/vuln/detail/CVE-2019-10196
www.npmjs.com/advisories/607

Detect and mitigate CVE-2019-10196 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →