superagent is vulnerable to large GZip denial of service (DoS) attacks aka ZIP bomb attacks. The attacks can be triggered when malicious HTTP servers send extremely large responses in a compressed form. Since the client does not limit the size of responses, it will end up consuming large amounts of CPU and memory upon the processing of such responses.
CPE | Name | Operator | Version |
---|---|---|---|
superagent | le | 3.6.3 |