WS-2018-0076
Published:May 19, 2026
Updated:May 19, 2026
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number.
Affected Packages
jquery (CONDA):
Affected version(s) =3.3.0 <3.4.0Fix Suggestion:
Update to version 3.4.0nodejs (CONDA):
Affected version(s) >=4.2.6 <8.8.1Fix Suggestion:
Update to version 8.8.1jsdom (CONDA):
Affected version(s) =11.0.0 <11.11.0Fix Suggestion:
Update to version 11.11.0azure-cli (CONDA):
Affected version(s) =0.10.3Fix Suggestion:
Update to version no_fixsvg2png (CONDA):
Affected version(s) =4.1.1Fix Suggestion:
Update to version no_fixtunnel-agent (NPM):
Affected version(s) >=0.2.0 <0.6.0Fix Suggestion:
Update to version 0.6.0raml.parser (NUGET):
Affected version(s) >=1.0.0 <1.0.7Fix Suggestion:
Update to version 1.0.7pwptemplatepusintek (NUGET):
Affected version(s) =0.0.1Fix Suggestion:
Update to version no_fixnodeint (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixnodeenv (NUGET):
Affected version(s) >=1.0.0 <=1.0.2Fix Suggestion:
Update to version no_fixbetclic.buildtools.node (NUGET):
Affected version(s) >=1.0.0 <1.0.5Fix Suggestion:
Update to version 1.0.5jetbrains.rider.frontend5 (NUGET):
Affected version(s) >=202.0.20200810.195204 <213.0.20211008.154703-eap03Fix Suggestion:
Update to version 213.0.20211008.154703-eap03npm (NUGET):
Affected version(s) >=1.4.4 <2.14.14Fix Suggestion:
Update to version 2.14.14winless.lessc (NUGET):
Affected version(s) =1.0.14Fix Suggestion:
Update to version no_fixpvc.runtime.nodejs (NUGET):
Affected version(s) >=0.0.1 <=0.0.1.5Fix Suggestion:
Update to version no_fixzombie.js (NUGET):
Affected version(s) >=4.2.1 <=5.0.5Fix Suggestion:
Update to version no_fixbetclic.buildtools.node (NUGET):
Affected version(s) =1.0.6Fix Suggestion:
Update to version no_fixnode-sass-bundle (NUGET):
Affected version(s) >=1.0.0 <=1.1.0Fix Suggestion:
Update to version no_fixtinfoil (NUGET):
Affected version(s) >=1.0.16.5 <=1.1.0Fix Suggestion:
Update to version no_fixncapsulate.node (NUGET):
Affected version(s) >=0.10.26 <=0.10.35.1Fix Suggestion:
Update to version no_fixyeoman (NUGET):
Affected version(s) =1.1.2Fix Suggestion:
Update to version no_fixyarnpkg.yarn (NUGET):
Affected version(s) >=0.17.4 <0.26.1Fix Suggestion:
Update to version 0.26.1pvc.browserify (NUGET):
Affected version(s) =0.0.1 <0.0.1.1Fix Suggestion:
Update to version 0.0.1.1midiator.webclient (NUGET):
Affected version(s) >=1.0.98 <1.0.105Fix Suggestion:
Update to version 1.0.105nodelesstesttwo (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixnodeless2 (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixdotlessbuildtasksdotnet (NUGET):
Affected version(s) >=2.0.0 <=2.1.7-rc1Fix Suggestion:
Update to version no_fixnpm.js (NUGET):
Affected version(s) >=1.3.15 <2.13.1Fix Suggestion:
Update to version 2.13.1nc.frontend.env (NUGET):
Affected version(s) =1.0.3Fix Suggestion:
Update to version no_fixnodelesstest (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixtools.npm (NUGET):
Affected version(s) =4.0.3-beta1Fix Suggestion:
Update to version no_fixyarn.msbuild (NUGET):
Affected version(s) =0.21.3 <0.22.0Fix Suggestion:
Update to version 0.22.0bower (NUGET):
Affected version(s) >=1.2.7 <=1.3.11Fix Suggestion:
Update to version no_fixnodeless (NUGET):
Affected version(s) >=1.0.0 <=1.0.4Fix Suggestion:
Update to version no_fixncapsulate.bower (NUGET):
Affected version(s) >=1.3.2 <=1.3.12.1Fix Suggestion:
Update to version no_fixnpm3 (NUGET):
Affected version(s) =3.0.0-alpha0001Fix Suggestion:
Update to version no_fixlukesnowden/application-base (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixmpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-master <1.0.0.x-devFix Suggestion:
Update to version 1.0.0.x-devseidemann-web/wave-theme (PHP):
Affected version(s) =dev-feature/WT-21Fix Suggestion:
Update to version no_fixcomputerundsound/curserver (PHP):
Affected version(s) >=3.2.0.x-dev <=4.0.1Fix Suggestion:
Update to version no_fixoxid-esales/wave-theme (PHP):
Affected version(s) =dev-motorrad <dev-oxscript-google-analyticsFix Suggestion:
Update to version dev-oxscript-google-analyticsdreamfactory/df-api-docs-ui (PHP):
Affected version(s) >=1.0.0 <1.1.0Fix Suggestion:
Update to version 1.1.0chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =dev-dev <dev-form-field-keyFix Suggestion:
Update to version dev-form-field-keyseidemann-web/wave-theme (PHP):
Affected version(s) >=dev-WT-27/sticky-header <dev-WT-36/Sticky-Header-FixesFix Suggestion:
Update to version dev-WT-36/Sticky-Header-Fixesmpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-php7Fix Suggestion:
Update to version no_fixkayrules/solatjakim-api-site (PHP):
Affected version(s) =dev-master <dev-version-1.0Fix Suggestion:
Update to version dev-version-1.0oburatongoi/productivity (PHP):
Affected version(s) >=0.0.9 <0.0.13Fix Suggestion:
Update to version 0.0.13oburatongoi/productivity (PHP):
Affected version(s) >=0.1.0 <0.4.35Fix Suggestion:
Update to version 0.4.35jadu/pulsar (PHP):
Affected version(s) >=1.0.13 <1.0.16Fix Suggestion:
Update to version 1.0.16computerundsound/curserver (PHP):
Affected version(s) =dev-master <2.2.0Fix Suggestion:
Update to version 2.2.0seidemann-web/wave-theme (PHP):
Affected version(s) =dev-motorrad <dev-omage-themeFix Suggestion:
Update to version dev-omage-themehydrawiki/lessoid (PHP):
Affected version(s) =1.0.0 <2.0.0Fix Suggestion:
Update to version 2.0.0yuan1994/wechat_web_devtools (PHP):
Affected version(s) >=dev-core <0.15.152901-coreFix Suggestion:
Update to version 0.15.152901-coreseidemann-web/wave-theme (PHP):
Affected version(s) =dev-bugfix/variants-fix <dev-fixUpLanguageConstantsFix Suggestion:
Update to version dev-fixUpLanguageConstantsmiljoen/nova-autofill (PHP):
Affected version(s) >=v1.2 <=v1.4Fix Suggestion:
Update to version no_fixadrexia/silverstripe-pure (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=v0.0.17 <0.0.56Fix Suggestion:
Update to version 0.0.56archambaultalex/image-field (PHP):
Affected version(s) =dev-mainFix Suggestion:
Update to version no_fixmiljoen/nova-autofill (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=0.0.4 <0.0.17Fix Suggestion:
Update to version 0.0.17limefamily/yii2-limetheme (PHP):
Affected version(s) >=1.0.0 <1.0.12Fix Suggestion:
Update to version 1.0.12trezebits/trezevel-gallery (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixilhanet/erpnet-widget-resource (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixerdiko/user-admin (PHP):
Affected version(s) >=dev-ER-98 <=dev-snyk-upgrade-d46907cffecf6b4533a36c96e63674e7Fix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =0.0.1 <0.0.2Fix Suggestion:
Update to version 0.0.2z3/t3build-node (PHP):
Affected version(s) =dev-master <1.0.11Fix Suggestion:
Update to version 1.0.11erdiko/user-admin (PHP):
Affected version(s) >=dev-develop <dev-ER-91Fix Suggestion:
Update to version dev-ER-91ears (RUST):
Affected version(s) =0.3.3 <0.3.4Fix Suggestion:
Update to version 0.3.4neon-sys (RUST):
Affected version(s) =0.1.10 <0.1.11Fix Suggestion:
Update to version 0.1.11Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
5.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE