{"id":"CVE-2018-3739","details":"https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).","aliases":["GHSA-8g7p-74h8-hg48"],"modified":"2026-03-14T09:29:35.919554Z","published":"2018-06-07T02:29:08.973Z","related":["CGA-qh9f-pqr2-gq27"],"references":[{"type":"EVIDENCE","url":"https://hackerone.com/reports/319532"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tootallnate/node-https-proxy-agent","events":[{"introduced":"0"},{"fixed":"5555794b6d9e4b0a36fac80a2d3acea876a8f7dc"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.2.0"}]}}],"versions":["1.0.0","2.0.0","2.1.0","2.1.1","2.2.0","2.2.1","2.2.2","3.0.0","3.0.1","4.0.0","5.0.0","5.0.1","agent-base@7.0.1","agent-base@7.0.2","agent-base@7.1.0","agent-base@7.1.1","data-uri-to-buffer@5.0.1","data-uri-to-buffer@6.0.0","data-uri-to-buffer@6.0.1","data-uri-to-buffer@6.0.2","degenerator@4.0.1","degenerator@4.0.2","degenerator@4.0.3","degenerator@4.0.4","degenerator@5.0.0","degenerator@5.0.1","get-uri@6.0.1","get-uri@6.0.2","get-uri@6.0.3","http-proxy-agent@6.0.1","http-proxy-agent@6.1.0","http-proxy-agent@7.0.0","http-proxy-agent@7.0.1","http-proxy-agent@7.0.2","https-proxy-agent@6.0.0","https-proxy-agent@6.1.0","https-proxy-agent@6.2.0","https-proxy-agent@6.2.1","https-proxy-agent@7.0.0","https-proxy-agent@7.0.1","https-proxy-agent@7.0.2","https-proxy-agent@7.0.3","https-proxy-agent@7.0.4","pac-proxy-agent@6.0.1","pac-proxy-agent@6.0.2","pac-proxy-agent@6.0.3","pac-proxy-agent@6.0.4","pac-proxy-agent@7.0.0","pac-proxy-agent@7.0.1","pac-resolver@6.0.1","pac-resolver@6.0.2","pac-resolver@7.0.0","pac-resolver@7.0.1","proxy-agent@6.1.0","proxy-agent@6.1.1","proxy-agent@6.1.2","proxy-agent@6.2.0","proxy-agent@6.2.1","proxy-agent@6.2.2","proxy-agent@6.3.0","proxy-agent@6.3.1","proxy-agent@6.4.0","proxy@2.0.1","proxy@2.1.0","proxy@2.1.1","socks-proxy-agent@8.0.1","socks-proxy-agent@8.0.2","socks-proxy-agent@8.0.3","tsconfig@0.0.0","v0.0.1","v0.0.2","v0.1.0","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3739.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}