Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[SECURITY] Machine-In-The-Middle #266

Open
matiaslopezd opened this issue Jul 13, 2020 · 0 comments
Open

[SECURITY] Machine-In-The-Middle #266

matiaslopezd opened this issue Jul 13, 2020 · 0 comments

Comments

@matiaslopezd
Copy link

1) What version of the module is the issue happening on? Does the issue happen on latest version?

Version: 0.22.0

2) What platform and Node.js version? (For example Node.js 6.9.1 on Mac OS X)

  • Node v13.7.0
  • npm v6.14.6
  • Linux Ubuntu 20.04*

3) Does the action work when you manually perform request against mailgun using curl (or other means)?

Not apply

4) Sample source code or steps to reproduce

npm audit

# Run  npm update https-proxy-agent --depth 4  to resolve 2 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Machine-In-The-Middle                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mailgun-js                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mailgun-js > proxy-agent > https-proxy-agent                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1184                            │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Machine-In-The-Middle                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mailgun-js                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mailgun-js > proxy-agent > pac-proxy-agent >                 │
│               │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1184                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Solution

Update dependencies:

"https-proxy-agent": "^3.0.0"
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@matiaslopezd