Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http-proxy is vulnerable to denial of service #3510

Closed
Christian24 opened this issue May 15, 2020 · 1 comment · Fixed by #3519 or karronoli/redpen#10
Closed

http-proxy is vulnerable to denial of service #3510

Christian24 opened this issue May 15, 2020 · 1 comment · Fixed by #3519 or karronoli/redpen#10
Labels

Comments

@Christian24
Copy link

Hello,

I just found out that http-proxy is vulnerable to denial of service attacks. There is no fix at moment, but it might be worthy to keep an eye on the issue: http-party/node-http-proxy#1446.

Npm security Advisory: https://www.npmjs.com/advisories/1486

Environment Details

  • Karma version (output of karma --version): 5.0.5 (all versions of http-proxy are affected though).

Steps to reproduce the behaviour

  1. Run npm audit
devoto13 added a commit to devoto13/karma that referenced this issue May 18, 2020
karmarunnerbot pushed a commit that referenced this issue May 19, 2020
## [5.0.9](v5.0.8...v5.0.9) (2020-05-19)

### Bug Fixes

* **dependencies:** update to safe version of http-proxy ([#3519](#3519)) ([00347bb](00347bb)), closes [#3510](#3510)
@karmarunnerbot
Copy link
Member

🎉 This issue has been resolved in version 5.0.9 🎉

The release is available on:

Your semantic-release bot 📦🚀

anthony-redFox pushed a commit to anthony-redFox/karma that referenced this issue May 16, 2023
## [5.0.9](karma-runner/karma@v5.0.8...v5.0.9) (2020-05-19)

### Bug Fixes

* **dependencies:** update to safe version of http-proxy ([karma-runner#3519](karma-runner#3519)) ([00347bb](karma-runner@00347bb)), closes [karma-runner#3510](karma-runner#3510)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants