Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-a6df-un62-h7hz
Vulnerability ID VCID-a6df-un62-h7hz
Aliases CVE-2018-3739
GHSA-8g7p-74h8-hg48
Summary Denial of Service in https-proxy-agent
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-125 Out-of-bounds Read
CWE-400 Uncontrolled Resource Consumption
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 8.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3739.json
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2018-3739
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2018-3739
cvssv3.1 9.1 https://github.com/advisories/GHSA-8g7p-74h8-hg48
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-8g7p-74h8-hg48
generic_textual CRITICAL https://github.com/advisories/GHSA-8g7p-74h8-hg48
cvssv3.1 9.1 https://github.com/TooTallNate/node-https-proxy-agent
generic_textual CRITICAL https://github.com/TooTallNate/node-https-proxy-agent
cvssv3.1 9.1 https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
generic_textual CRITICAL https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
cvssv3.1 9.1 https://hackerone.com/reports/319532
generic_textual CRITICAL https://hackerone.com/reports/319532
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2018-3736
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2018-3736
cvssv3.1 9.1 https://www.npmjs.com/advisories/593
generic_textual CRITICAL https://www.npmjs.com/advisories/593
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3739.json
https://api.first.org/data/v1/epss?cve=CVE-2018-3739
https://github.com/TooTallNate/node-https-proxy-agent
https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
https://hackerone.com/reports/319532
https://www.npmjs.com/advisories/593
1727312 https://bugzilla.redhat.com/show_bug.cgi?id=1727312
CVE-2018-3736 https://nvd.nist.gov/vuln/detail/CVE-2018-3736
CVE-2018-3739 https://nvd.nist.gov/vuln/detail/CVE-2018-3739
GHSA-8g7p-74h8-hg48 https://github.com/advisories/GHSA-8g7p-74h8-hg48
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3739.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/advisories/GHSA-8g7p-74h8-hg48
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/TooTallNate/node-https-proxy-agent
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/TooTallNate/node-https-proxy-agent/commit/1c24219df87524e6ed973127e81f30801d658f07
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://hackerone.com/reports/319532
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-3736
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://www.npmjs.com/advisories/593
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.63177
EPSS Score 0.00433
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:10.860347+00:00 GHSA Importer Import https://github.com/advisories/GHSA-8g7p-74h8-hg48 38.6.0