VYPR
High severityGHSA Advisory· Published May 30, 2023· Updated Jan 9, 2025

Undefined variable usage in npm package "proxy" leads to remote denial of service

CVE-2023-2968

Description

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
proxynpm
>= 2.0.0, < 2.1.12.1.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.