CVE-2017-16129

Name of the Vulnerable Software and Affected Versions: superagent versions prior to 3.7.0

Description: The HTTP client module superagent is vulnerable to ZIP bomb attacks. In such an attack, an HTTP server replies with a compressed response that becomes significantly larger once uncompressed. If the client does not handle these responses carefully, it may lead to excessive CPU and/or memory consumption, potentially allowing an attacker to exploit this weakness for a denial of service (DoS) attack. The attacker must control the URL that superagent makes a request to in order to exploit this issue.

Recommendations: Update to version 3.7.0 or later.