WS-2018-0076
Published:May 19, 2026
Updated:May 19, 2026
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number.
Affected Packages
jsdom (CONDA):
Affected version(s) =11.0.0 <11.11.0Fix Suggestion:
Update to version 11.11.0nodejs (CONDA):
Affected version(s) >=4.2.6 <8.8.1Fix Suggestion:
Update to version 8.8.1azure-cli (CONDA):
Affected version(s) =0.10.3Fix Suggestion:
Update to version no_fixjquery (CONDA):
Affected version(s) =3.3.0 <3.4.0Fix Suggestion:
Update to version 3.4.0svg2png (CONDA):
Affected version(s) =4.1.1Fix Suggestion:
Update to version no_fixtunnel-agent (NPM):
Affected version(s) >=0.2.0 <0.6.0Fix Suggestion:
Update to version 0.6.0pvc.runtime.nodejs (NUGET):
Affected version(s) >=0.0.1 <=0.0.1.5Fix Suggestion:
Update to version no_fixnodeless (NUGET):
Affected version(s) >=1.0.0 <=1.0.4Fix Suggestion:
Update to version no_fixtinfoil (NUGET):
Affected version(s) >=1.0.16.5 <=1.1.0Fix Suggestion:
Update to version no_fixjetbrains.rider.frontend5 (NUGET):
Affected version(s) >=202.0.20200810.195204 <213.0.20211008.154703-eap03Fix Suggestion:
Update to version 213.0.20211008.154703-eap03yarn.msbuild (NUGET):
Affected version(s) =0.21.3 <0.22.0Fix Suggestion:
Update to version 0.22.0tools.npm (NUGET):
Affected version(s) =4.0.3-beta1Fix Suggestion:
Update to version no_fixraml.parser (NUGET):
Affected version(s) >=1.0.0 <1.0.7Fix Suggestion:
Update to version 1.0.7nodelesstesttwo (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixnodeless2 (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixnpm3 (NUGET):
Affected version(s) =3.0.0-alpha0001Fix Suggestion:
Update to version no_fixyeoman (NUGET):
Affected version(s) =1.1.2Fix Suggestion:
Update to version no_fixnpm (NUGET):
Affected version(s) >=1.4.4 <2.14.14Fix Suggestion:
Update to version 2.14.14betclic.buildtools.node (NUGET):
Affected version(s) =1.0.6Fix Suggestion:
Update to version no_fixnode-sass-bundle (NUGET):
Affected version(s) >=1.0.0 <=1.1.0Fix Suggestion:
Update to version no_fixbetclic.buildtools.node (NUGET):
Affected version(s) >=1.0.0 <1.0.5Fix Suggestion:
Update to version 1.0.5ncapsulate.node (NUGET):
Affected version(s) >=0.10.26 <=0.10.35.1Fix Suggestion:
Update to version no_fixnodelesstest (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixwinless.lessc (NUGET):
Affected version(s) =1.0.14Fix Suggestion:
Update to version no_fixnpm.js (NUGET):
Affected version(s) >=1.3.15 <2.13.1Fix Suggestion:
Update to version 2.13.1nodeenv (NUGET):
Affected version(s) >=1.0.0 <=1.0.2Fix Suggestion:
Update to version no_fixpwptemplatepusintek (NUGET):
Affected version(s) =0.0.1Fix Suggestion:
Update to version no_fixmidiator.webclient (NUGET):
Affected version(s) >=1.0.98 <1.0.105Fix Suggestion:
Update to version 1.0.105yarnpkg.yarn (NUGET):
Affected version(s) >=0.17.4 <0.26.1Fix Suggestion:
Update to version 0.26.1zombie.js (NUGET):
Affected version(s) >=4.2.1 <=5.0.5Fix Suggestion:
Update to version no_fixbower (NUGET):
Affected version(s) >=1.2.7 <=1.3.11Fix Suggestion:
Update to version no_fixnc.frontend.env (NUGET):
Affected version(s) =1.0.3Fix Suggestion:
Update to version no_fixncapsulate.bower (NUGET):
Affected version(s) >=1.3.2 <=1.3.12.1Fix Suggestion:
Update to version no_fixpvc.browserify (NUGET):
Affected version(s) =0.0.1 <0.0.1.1Fix Suggestion:
Update to version 0.0.1.1nodeint (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixdotlessbuildtasksdotnet (NUGET):
Affected version(s) >=2.0.0 <=2.1.7-rc1Fix Suggestion:
Update to version no_fixtrezebits/trezevel-gallery (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixcomputerundsound/curserver (PHP):
Affected version(s) =dev-master <2.2.0Fix Suggestion:
Update to version 2.2.0z3/t3build-node (PHP):
Affected version(s) =dev-master <1.0.11Fix Suggestion:
Update to version 1.0.11yuan1994/wechat_web_devtools (PHP):
Affected version(s) >=dev-core <0.15.152901-coreFix Suggestion:
Update to version 0.15.152901-coreerdiko/user-admin (PHP):
Affected version(s) >=dev-develop <dev-ER-91Fix Suggestion:
Update to version dev-ER-91seidemann-web/wave-theme (PHP):
Affected version(s) =dev-motorrad <dev-omage-themeFix Suggestion:
Update to version dev-omage-themejadu/pulsar (PHP):
Affected version(s) >=1.0.13 <1.0.16Fix Suggestion:
Update to version 1.0.16chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=v0.0.17 <0.0.56Fix Suggestion:
Update to version 0.0.56computerundsound/curserver (PHP):
Affected version(s) >=3.2.0.x-dev <=4.0.1Fix Suggestion:
Update to version no_fixdreamfactory/df-api-docs-ui (PHP):
Affected version(s) >=1.0.0 <1.1.0Fix Suggestion:
Update to version 1.1.0chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =0.0.1 <0.0.2Fix Suggestion:
Update to version 0.0.2miljoen/nova-autofill (PHP):
Affected version(s) >=v1.2 <=v1.4Fix Suggestion:
Update to version no_fixlukesnowden/application-base (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixmpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-master <1.0.0.x-devFix Suggestion:
Update to version 1.0.0.x-devoburatongoi/productivity (PHP):
Affected version(s) >=0.0.9 <0.0.13Fix Suggestion:
Update to version 0.0.13erdiko/user-admin (PHP):
Affected version(s) >=dev-ER-98 <=dev-snyk-upgrade-d46907cffecf6b4533a36c96e63674e7Fix Suggestion:
Update to version no_fixhydrawiki/lessoid (PHP):
Affected version(s) =1.0.0 <2.0.0Fix Suggestion:
Update to version 2.0.0mpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-php7Fix Suggestion:
Update to version no_fixseidemann-web/wave-theme (PHP):
Affected version(s) =dev-feature/WT-21Fix Suggestion:
Update to version no_fixkayrules/solatjakim-api-site (PHP):
Affected version(s) =dev-master <dev-version-1.0Fix Suggestion:
Update to version dev-version-1.0archambaultalex/image-field (PHP):
Affected version(s) =dev-mainFix Suggestion:
Update to version no_fixoxid-esales/wave-theme (PHP):
Affected version(s) =dev-motorrad <dev-oxscript-google-analyticsFix Suggestion:
Update to version dev-oxscript-google-analyticsilhanet/erpnet-widget-resource (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=0.0.4 <0.0.17Fix Suggestion:
Update to version 0.0.17seidemann-web/wave-theme (PHP):
Affected version(s) >=dev-WT-27/sticky-header <dev-WT-36/Sticky-Header-FixesFix Suggestion:
Update to version dev-WT-36/Sticky-Header-Fixesadrexia/silverstripe-pure (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =dev-dev <dev-form-field-keyFix Suggestion:
Update to version dev-form-field-keymiljoen/nova-autofill (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0seidemann-web/wave-theme (PHP):
Affected version(s) =dev-bugfix/variants-fix <dev-fixUpLanguageConstantsFix Suggestion:
Update to version dev-fixUpLanguageConstantsoburatongoi/productivity (PHP):
Affected version(s) >=0.1.0 <0.4.35Fix Suggestion:
Update to version 0.4.35limefamily/yii2-limetheme (PHP):
Affected version(s) >=1.0.0 <1.0.12Fix Suggestion:
Update to version 1.0.12ears (RUST):
Affected version(s) =0.3.3 <0.3.4Fix Suggestion:
Update to version 0.3.4neon-sys (RUST):
Affected version(s) =0.1.10 <0.1.11Fix Suggestion:
Update to version 0.1.11Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
5.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE