CVE-2018-3739: Out-of-bounds Read

June 7, 2018 (updated October 9, 2019)

https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter (e.g. JSON).

References

nvd.nist.gov/vuln/detail/CVE-2018-3739

Code Behaviors & Features

Detect and mitigate CVE-2018-3739 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →