Description
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Remediation
References
https://hackerone.com/reports/319532
Related Vulnerabilities
CVE-2020-15215 Vulnerability in npm package electron
CVE-2023-47327 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2016-10520 Vulnerability in npm package jadedown
CVE-2021-4329 Vulnerability in maven package org.webjars.npm:json-logic-js
CVE-2022-38179 Vulnerability in maven package io.ktor:ktor-utils