VulnerableCode Package Details - pkg:npm/https-proxy-agent@2.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-hs7x-zfzt-uyak Aliases: GHSA-pc5p-h8pf-mvwp GMS-2020-738	Machine-In-The-Middle in https-proxy-agent Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials. ## Recommendation Upgrade to version 3.0.0 or 2.2.3.	2.2.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-hs7x-zfzt-uyak
Aliases:
GHSA-pc5p-h8pf-mvwp
GMS-2020-738

Machine-In-The-Middle in https-proxy-agent Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials. ## Recommendation Upgrade to version 3.0.0 or 2.2.3.

2.2.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dgv5-7f5m-rkdf	Denial of Service in https-proxy-agent Withdrawn: Duplicate of GHSA-8g7p-74h8-hg48	GHSA-qrg3-f6h6-vq8q
VCID-zcad-naym-e3gc	Out-of-bounds Read https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the `auth` parameter (e.g. JSON).	CVE-2018-3739 GHSA-8g7p-74h8-hg48

Vulnerability

Summary

Aliases

VCID-dgv5-7f5m-rkdf

Denial of Service in https-proxy-agent Withdrawn: Duplicate of GHSA-8g7p-74h8-hg48

GHSA-qrg3-f6h6-vq8q

VCID-zcad-naym-e3gc

Out-of-bounds Read https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the `auth` parameter (e.g. JSON).

CVE-2018-3739
GHSA-8g7p-74h8-hg48

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:12:44.953466+00:00	GHSA Importer	Fixing	VCID-dgv5-7f5m-rkdf	https://github.com/advisories/GHSA-qrg3-f6h6-vq8q	38.6.0
2026-06-05T21:05:51.556566+00:00	GHSA Importer	Fixing	VCID-zcad-naym-e3gc	https://github.com/advisories/GHSA-8g7p-74h8-hg48	38.6.0
2026-06-04T20:29:31.870768+00:00	GitLab Importer	Affected by	VCID-hs7x-zfzt-uyak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/https-proxy-agent/GMS-2020-738.yml	38.6.0
2026-06-04T17:40:45.447406+00:00	GithubOSV Importer	Fixing	VCID-zcad-naym-e3gc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-8g7p-74h8-hg48/GHSA-8g7p-74h8-hg48.json	38.6.0
2026-06-04T17:23:55.995287+00:00	GithubOSV Importer	Fixing	VCID-dgv5-7f5m-rkdf	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-qrg3-f6h6-vq8q/GHSA-qrg3-f6h6-vq8q.json	38.6.0
2026-06-02T04:37:50.466569+00:00	GitLab Importer	Fixing	VCID-zcad-naym-e3gc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/https-proxy-agent/CVE-2018-3739.yml	38.6.0