JSHint
JSHint copied to clipboard
LightTable
WS-2018-0076 Medium Severity Vulnerability detected by WhiteSource
WS-2018-0076 - Medium Severity Vulnerability
Vulnerable Library - tunnel-agent-0.4.3.tgz
HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.
path: /tmp/git/JSHint/node_modules/jshint/node_modules/tunnel-agent/package.json
Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz
Dependency Hierarchy:
- coveralls-2.11.16.tgz (Root Library)
- request-2.79.0.tgz
- :x: tunnel-agent-0.4.3.tgz (Vulnerable Library)
- request-2.79.0.tgz
Vulnerability Details
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.
This is exploitable if user supplied input is provided to the auth value and is a number.
Publish Date: 2018-04-25
URL: WS-2018-0076
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "Published by a pub.dev verified publisher"){kind=small}