CVE-2017-16129
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-16129
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对高度压缩数据的处理不恰当(数据放大攻击)
Source: NVD (National Vulnerability Database)
Vulnerability Title
superagent 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
superagent是一个小型的渐进式HTTP客户端请求库。 superagent中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(CPU或内存大量消耗)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HackerOne | superagent node module | <3.7.0 | - |
II. Public POCs for CVE-2017-16129
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-16129
Please Login to view more intelligence information
- https://nodesecurity.io/advisories/479x_refsource_MISC
- https://github.com/visionmedia/superagent/issues/1259x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-16129
Same Patch Batch · HackerOne · 2018-06-07 · 188 CVEs total
| CVE-2017-16192 | getcityapi.yoehoehne 路径遍历漏洞 | |
| CVE-2017-16180 | serverabc 路径遍历漏洞 | |
| CVE-2017-16181 | wintiwebdev 路径遍历漏洞 | |
| CVE-2017-16182 | serverxxx 路径遍历漏洞 | |
| CVE-2017-16184 | scott-blanch-weather-app 路径遍历漏洞 | |
| CVE-2017-16185 | uekw1511server 路径遍历漏洞 | |
| CVE-2017-16186 | 360class.jansenhm 路径遍历漏洞 | |
| CVE-2017-16187 | open-device 路径遍历漏洞 | |
| CVE-2017-16188 | reecerver 路径遍历漏洞 | |
| CVE-2017-16189 | sly07 路径遍历漏洞 | |
| CVE-2017-16190 | dcdcdcdcdc 路径遍历漏洞 | |
| CVE-2017-16191 | cypserver 路径遍历漏洞 | |
| CVE-2017-16199 | susu-sum 路径遍历漏洞 | |
| CVE-2017-16204 | jquey模块安全漏洞 | |
| CVE-2017-16203 | coffe-script模块安全漏洞 | |
| CVE-2017-16202 | cofeescript模块安全漏洞 | |
| CVE-2017-16201 | zjjserver 路径遍历漏洞 | |
| CVE-2017-16200 | uv-tj-demo 路径遍历漏洞 | |
| CVE-2017-16195 | pytservce 路径遍历漏洞 | |
| CVE-2017-16193 | mfrs 路径遍历漏洞 |
Showing top 20 of 188 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-409
- CVE-2026-27460
Tandoor Recipes Affected by Denial of Service via Recipe Imp - CVE-2026-40148
PraisonAI Affected by Decompression Bomb DoS via Recipe Bund - CVE-2026-39373
JWCrypto: JWE ZIP decompression bomb - CVE-2026-3114
Zip Bomb Denial of Service via Unrestricted Archive Decompre - CVE-2026-32044
OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills In
V. Comments for CVE-2017-16129
No comments yet