Search for packages
| purl | pkg:npm/https-proxy-agent@2.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hs7x-zfzt-uyak
Aliases: GHSA-pc5p-h8pf-mvwp GMS-2020-738 |
Machine-In-The-Middle in https-proxy-agent Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials. ## Recommendation Upgrade to version 3.0.0 or 2.2.3. |
Affected by 0 other vulnerabilities. |
|
VCID-zcad-naym-e3gc
Aliases: CVE-2018-3739 GHSA-8g7p-74h8-hg48 |
Out-of-bounds Read https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the `auth` parameter (e.g. JSON). |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:29:31.862701+00:00 | GitLab Importer | Affected by | VCID-hs7x-zfzt-uyak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/https-proxy-agent/GMS-2020-738.yml | 38.6.0 |
| 2026-06-04T20:12:49.477665+00:00 | GitLab Importer | Affected by | VCID-zcad-naym-e3gc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/https-proxy-agent/CVE-2018-3739.yml | 38.6.0 |