CVE-2019-10196

{"id": "CVE-2019-10196", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-03-19T20:15:13.097", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567245", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.npmjs.com/advisories/607", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-665"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en http-proxy-agent, versiones anteriores a 2.1.0. Se detect\u00f3 que http-proxy-agent pasa una opci\u00f3n de autenticaci\u00f3n al constructor de Buffer sin un saneamiento apropiado. Esto podr\u00eda resultar en una Denegaci\u00f3n de Servicio mediante el uso de todos los recursos de CPU disponibles y la exposici\u00f3n de datos por medio de una p\u00e9rdida de memoria no inicializada en configuraciones donde un atacante podr\u00eda enviar una entrada escrita hacia el par\u00e1metro auth"}], "lastModified": "2021-03-25T19:21:06.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:http-proxy-agent_project:http-proxy-agent:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "73C4F548-6ACD-4D24-8A0D-2185CA08FE11", "versionEndExcluding": "2.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBEACBFF-6D05-4B69-BF7A-F7E539D9BF6E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}