Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/https-proxy-agent@0.1.0
Typenpm
Namespace
Namehttps-proxy-agent
Version0.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.3
Latest_non_vulnerable_version2.2.3
Affected_by_vulnerabilities
0
url VCID-hs7x-zfzt-uyak
vulnerability_id VCID-hs7x-zfzt-uyak
summary 
Machine-In-The-Middle in https-proxy-agent
Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials.


## Recommendation

Upgrade to version 3.0.0 or 2.2.3.
references
0
reference_url https://github.com/TooTallNate/node-https-proxy-agent/commit/36d8cf509f877fa44f4404fce57ebaf9410fe51b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TooTallNate/node-https-proxy-agent/commit/36d8cf509f877fa44f4404fce57ebaf9410fe51b
1
reference_url https://hackerone.com/reports/541502
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/541502
2
reference_url https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
3
reference_url https://www.npmjs.com/advisories/1184
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1184
4
reference_url https://github.com/advisories/GHSA-pc5p-h8pf-mvwp
reference_id GHSA-pc5p-h8pf-mvwp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pc5p-h8pf-mvwp
fixed_packages
0
url pkg:npm/https-proxy-agent@2.2.3
purl pkg:npm/https-proxy-agent@2.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/https-proxy-agent@2.2.3
aliases GHSA-pc5p-h8pf-mvwp, GMS-2020-738
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs7x-zfzt-uyak
1
url VCID-zcad-naym-e3gc
vulnerability_id VCID-zcad-naym-e3gc
summary 
Out-of-bounds Read
https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the `auth` parameter (e.g. JSON).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3739.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3739.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3739
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.63109
published_at 2026-06-07T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.63119
published_at 2026-06-06T12:55:00Z
2
value 0.00433
scoring_system epss
scoring_elements 0.63111
published_at 2026-06-05T12:55:00Z
3
value 0.00433
scoring_system epss
scoring_elements 0.63066
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3739
2
reference_url https://github.com/advisories/GHSA-8g7p-74h8-hg48
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8g7p-74h8-hg48
3
reference_url https://github.com/TooTallNate/node-https-proxy-agent
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TooTallNate/node-https-proxy-agent
4
reference_url https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
5
reference_url https://hackerone.com/reports/319532
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/319532
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-3736
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-3736
7
reference_url https://www.npmjs.com/advisories/593
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/593
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1727312
reference_id 1727312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1727312
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-3739
reference_id CVE-2018-3739
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-3739
fixed_packages
0
url pkg:npm/https-proxy-agent@2.2.0
purl pkg:npm/https-proxy-agent@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hs7x-zfzt-uyak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/https-proxy-agent@2.2.0
aliases CVE-2018-3739, GHSA-8g7p-74h8-hg48
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zcad-naym-e3gc
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/https-proxy-agent@0.1.0