Description
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Remediation
References
https://hackerone.com/reports/319532
Related Vulnerabilities
CVE-2016-2510 Vulnerability in maven package org.apache-extras.beanshell:bsh
CVE-2019-17495 Vulnerability in maven package io.springfox:springfox-swagger-ui
CVE-2021-41862 Vulnerability in maven package com.googlecode.aviator:aviator
CVE-2022-0624 Vulnerability in maven package org.webjars.npm:parse-path
CVE-2023-51075 Vulnerability in maven package cn.hutool:hutool-core