http-proxy denial of service vulnerability
Issue details
There is an open ticket for yargs-parser, but a new DOS for http-proxy showed up today:
```
│ High │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ http-proxy │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ browser-sync [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ browser-sync > http-proxy │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1486 │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
### Steps to reproduce/test case
add browser-sync to package.json, `npm install`, `npm audit`
### Please specify which version of Browsersync, node and npm you're running
- Browsersync - 2.26.7
- Node - v14.2.0
- Npm - 6.14.5
Issue Analytics
- State:
- Created 3 years ago
- Reactions:39
- Comments:18
Top GitHub Comments
@shakyShane Is there a chance we can get this update merged into an update? Thanks 😃
Any movement on this?