The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-06-07T02:00:00Z

Updated: 2024-09-16T19:04:07.190Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2017-16129

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-07T02:29:03.457

Modified: 2024-11-21T03:15:52.757

Link: CVE-2017-16129

cve-icon Redhat

No data.