VYPR
Medium severity 5.9 · NVD Advisory · Published Jun 7, 2018 · Updated Jun 17, 2026

CVE-2017-16129

Description

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several orders of magnitude larger once uncompressed. If a client does not take special care when processing such responses, the result may be excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this, the attacker must control the location (URL) that superagent makes a request to.
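A client-side guard against the inflation described above, as an added example (not superagent's code and not its 3.7.0 fix): it caps decompressed output with the `maxOutputLength` option of Node's `zlib`, assuming a Node release that supports that option (12.19+ or 14.5+). The function names, the 1 MiB cap and the sample bodies are constructed for illustration.

```javascript
'use strict';
const zlib = require('zlib');

// Hypothetical cap for this example: refuse bodies that inflate past 1 MiB.
const MAX_DECODED_BYTES = 1024 * 1024;

// Synchronous decoders keyed by Content-Encoding token.
const DECODERS = {
  gzip: zlib.gunzipSync,
  'x-gzip': zlib.gunzipSync,
  deflate: zlib.inflateSync,
  br: zlib.brotliDecompressSync,
};

// Decode a response body, aborting once the output would exceed maxBytes.
// Returns { ok: true, body } or { ok: false, reason }.
function decodeBounded(headers, rawBody, maxBytes = MAX_DECODED_BYTES) {
  const encoding = String(headers['content-encoding'] || 'identity').trim().toLowerCase();
  if (encoding === 'identity') {
    return rawBody.length <= maxBytes
      ? { ok: true, body: rawBody }
      : { ok: false, reason: 'too-large' };
  }
  const decode = DECODERS[encoding];
  if (!decode) return { ok: false, reason: 'unsupported-encoding' };
  try {
    // maxOutputLength makes zlib stop inflating once the cap is crossed, so
    // memory use tracks the cap rather than the size the server chose.
    return { ok: true, body: decode(rawBody, { maxOutputLength: maxBytes }) };
  } catch (err) {
    const reason = err.code === 'ERR_BUFFER_TOO_LARGE' ? 'too-large' : 'corrupt';
    return { ok: false, reason };
  }
}

// Constructed sample responses (not captured traffic).
function sampleResponses() {
  const gz = { 'content-encoding': 'gzip' };
  return {
    small: { headers: gz, body: zlib.gzipSync(Buffer.from('{"status":"ok"}')) },
    // 8 MiB of zeros compresses to a few KiB: small on the wire, large in memory.
    inflating: { headers: gz, body: zlib.gzipSync(Buffer.alloc(8 * 1024 * 1024)) },
    garbage: { headers: gz, body: Buffer.from('this is not gzip') },
  };
}
```

The compressed size of a body says nothing about its decoded size, so the cap has to be enforced on the decoder's output rather than on `Content-Length`.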

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| superagent (npm) | < 3.7.0 | 3.7.0 |

Affected products

2
  • ghsa-coords
    Range: < 3.7.0
  • HackerOne/superagent node modulev5
    Range: <3.7.0
