Versions of `https-proxy-agent` before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to `Buffer()`.

## Recommendation

Update to version 2.2.0 or later.

Affected Packages

npm https-proxy-agent

Affected versions: 0 (fixed in 2.2.0)

Related CVEs

CVE-2018-3739

Key Information

GHSA ID

GHSA-8g7p-74h8-hg48

Published

July 27, 2018 5:04 PM

Last Modified

September 7, 2021 7:45 PM

CVSS Score

9.0 /10

Primary Ecosystem

npm

Primary Package

https-proxy-agent

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.