Memory Exposure in tunnel-agent
Versions of tunnel-agent are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number. Proof-of-concept: require('request')({ method: 'GET', uri: 'http://www.example.com', tunnel: true, proxy:{ protocol: 'http:', host:'127.0.0.1', port:8080, auth:USERSUPPLIEDINPUT // number } }); ``` Update to or later.