WS-2018-0076
Published:May 14, 2026
Updated:May 14, 2026
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number.
Affected Packages
jquery (CONDA):
Affected version(s) =3.3.0 <3.4.0Fix Suggestion:
Update to version 3.4.0jsdom (CONDA):
Affected version(s) =11.0.0 <11.11.0Fix Suggestion:
Update to version 11.11.0svg2png (CONDA):
Affected version(s) =4.1.1Fix Suggestion:
Update to version no_fixnodejs (CONDA):
Affected version(s) >=4.2.6 <8.8.1Fix Suggestion:
Update to version 8.8.1azure-cli (CONDA):
Affected version(s) =0.10.3Fix Suggestion:
Update to version no_fixtunnel-agent (NPM):
Affected version(s) >=0.2.0 <0.6.0Fix Suggestion:
Update to version 0.6.0betclic.buildtools.node (NUGET):
Affected version(s) =1.0.6Fix Suggestion:
Update to version no_fixbetclic.buildtools.node (NUGET):
Affected version(s) >=1.0.0 <1.0.5Fix Suggestion:
Update to version 1.0.5midiator.webclient (NUGET):
Affected version(s) >=1.0.98 <1.0.105Fix Suggestion:
Update to version 1.0.105node-sass-bundle (NUGET):
Affected version(s) >=1.0.0 <=1.1.0Fix Suggestion:
Update to version no_fixdotlessbuildtasksdotnet (NUGET):
Affected version(s) >=2.0.0 <=2.1.7-rc1Fix Suggestion:
Update to version no_fixtinfoil (NUGET):
Affected version(s) >=1.0.16.5 <=1.1.0Fix Suggestion:
Update to version no_fixnodeless (NUGET):
Affected version(s) >=1.0.0 <=1.0.4Fix Suggestion:
Update to version no_fixncapsulate.node (NUGET):
Affected version(s) >=0.10.26 <=0.10.35.1Fix Suggestion:
Update to version no_fixpvc.browserify (NUGET):
Affected version(s) =0.0.1 <0.0.1.1Fix Suggestion:
Update to version 0.0.1.1winless.lessc (NUGET):
Affected version(s) =1.0.14Fix Suggestion:
Update to version no_fixjetbrains.rider.frontend5 (NUGET):
Affected version(s) >=202.0.20200810.195204 <213.0.20211008.154703-eap03Fix Suggestion:
Update to version 213.0.20211008.154703-eap03ncapsulate.bower (NUGET):
Affected version(s) >=1.3.2 <=1.3.12.1Fix Suggestion:
Update to version no_fixnc.frontend.env (NUGET):
Affected version(s) =1.0.3Fix Suggestion:
Update to version no_fixraml.parser (NUGET):
Affected version(s) >=1.0.0 <1.0.7Fix Suggestion:
Update to version 1.0.7yeoman (NUGET):
Affected version(s) =1.1.2Fix Suggestion:
Update to version no_fixzombie.js (NUGET):
Affected version(s) >=4.2.1 <=5.0.5Fix Suggestion:
Update to version no_fixnpm (NUGET):
Affected version(s) >=1.4.4 <2.14.14Fix Suggestion:
Update to version 2.14.14npm3 (NUGET):
Affected version(s) =3.0.0-alpha0001Fix Suggestion:
Update to version no_fixnodelesstesttwo (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixnodeint (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixpvc.runtime.nodejs (NUGET):
Affected version(s) >=0.0.1 <=0.0.1.5Fix Suggestion:
Update to version no_fixyarnpkg.yarn (NUGET):
Affected version(s) >=0.17.4 <0.26.1Fix Suggestion:
Update to version 0.26.1yarn.msbuild (NUGET):
Affected version(s) =0.21.3 <0.22.0Fix Suggestion:
Update to version 0.22.0nodeenv (NUGET):
Affected version(s) >=1.0.0 <=1.0.2Fix Suggestion:
Update to version no_fixtools.npm (NUGET):
Affected version(s) =4.0.3-beta1Fix Suggestion:
Update to version no_fixnodeless2 (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixbower (NUGET):
Affected version(s) >=1.2.7 <=1.3.11Fix Suggestion:
Update to version no_fixnodelesstest (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixpwptemplatepusintek (NUGET):
Affected version(s) =0.0.1Fix Suggestion:
Update to version no_fixnpm.js (NUGET):
Affected version(s) >=1.3.15 <2.13.1Fix Suggestion:
Update to version 2.13.1seidemann-web/wave-theme (PHP):
Affected version(s) =dev-bugfix/variants-fix <dev-fixUpLanguageConstantsFix Suggestion:
Update to version dev-fixUpLanguageConstantsoburatongoi/productivity (PHP):
Affected version(s) >=0.1.0 <0.4.35Fix Suggestion:
Update to version 0.4.35hydrawiki/lessoid (PHP):
Affected version(s) =1.0.0 <2.0.0Fix Suggestion:
Update to version 2.0.0computerundsound/curserver (PHP):
Affected version(s) =dev-master <2.2.0Fix Suggestion:
Update to version 2.2.0trezebits/trezevel-gallery (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixoburatongoi/productivity (PHP):
Affected version(s) >=0.0.9 <0.0.13Fix Suggestion:
Update to version 0.0.13erdiko/user-admin (PHP):
Affected version(s) >=dev-develop <dev-ER-91Fix Suggestion:
Update to version dev-ER-91adrexia/silverstripe-pure (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=v0.0.17 <0.0.56Fix Suggestion:
Update to version 0.0.56computerundsound/curserver (PHP):
Affected version(s) >=3.2.0.x-dev <=4.0.1Fix Suggestion:
Update to version no_fixarchambaultalex/image-field (PHP):
Affected version(s) =dev-mainFix Suggestion:
Update to version no_fixseidemann-web/wave-theme (PHP):
Affected version(s) =dev-feature/WT-21Fix Suggestion:
Update to version no_fixmiljoen/nova-autofill (PHP):
Affected version(s) >=v1.2 <=v1.4Fix Suggestion:
Update to version no_fixseidemann-web/wave-theme (PHP):
Affected version(s) =dev-motorrad <dev-omage-themeFix Suggestion:
Update to version dev-omage-themedreamfactory/df-api-docs-ui (PHP):
Affected version(s) >=1.0.0 <1.1.0Fix Suggestion:
Update to version 1.1.0kayrules/solatjakim-api-site (PHP):
Affected version(s) =dev-master <dev-version-1.0Fix Suggestion:
Update to version dev-version-1.0jadu/pulsar (PHP):
Affected version(s) >=1.0.13 <1.0.16Fix Suggestion:
Update to version 1.0.16erdiko/user-admin (PHP):
Affected version(s) >=dev-ER-98 <=dev-snyk-upgrade-d46907cffecf6b4533a36c96e63674e7Fix Suggestion:
Update to version no_fixmpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-master <1.0.0.x-devFix Suggestion:
Update to version 1.0.0.x-devz3/t3build-node (PHP):
Affected version(s) =dev-master <1.0.11Fix Suggestion:
Update to version 1.0.11seidemann-web/wave-theme (PHP):
Affected version(s) >=dev-WT-27/sticky-header <dev-WT-36/Sticky-Header-FixesFix Suggestion:
Update to version dev-WT-36/Sticky-Header-Fixesoxid-esales/wave-theme (PHP):
Affected version(s) =dev-motorrad <dev-oxscript-google-analyticsFix Suggestion:
Update to version dev-oxscript-google-analyticslimefamily/yii2-limetheme (PHP):
Affected version(s) >=1.0.0 <1.0.12Fix Suggestion:
Update to version 1.0.12lukesnowden/application-base (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixmiljoen/nova-autofill (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0yuan1994/wechat_web_devtools (PHP):
Affected version(s) >=dev-core <0.15.152901-coreFix Suggestion:
Update to version 0.15.152901-corechrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =0.0.1 <0.0.2Fix Suggestion:
Update to version 0.0.2ilhanet/erpnet-widget-resource (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =dev-dev <dev-form-field-keyFix Suggestion:
Update to version dev-form-field-keympcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-php7Fix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=0.0.4 <0.0.17Fix Suggestion:
Update to version 0.0.17neon-sys (RUST):
Affected version(s) =0.1.10 <0.1.11Fix Suggestion:
Update to version 0.1.11ears (RUST):
Affected version(s) =0.3.3 <0.3.4Fix Suggestion:
Update to version 0.3.4Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
5.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE