github · TheeCryptoChad · May 6, 2026
diff --git a/advisories/github-reviewed/2023/05/GHSA-mj6p-3pc9-wf5m/GHSA-mj6p-3pc9-wf5m.json b/advisories/github-reviewed/2023/05/GHSA-mj6p-3pc9-wf5m/GHSA-mj6p-3pc9-wf5m.json
@@ -1,64 +1,78 @@
 {
-  "schema_version": "1.4.0",
-  "id": "GHSA-mj6p-3pc9-wf5m",
-  "modified": "2023-06-06T01:52:50Z",
-  "published": "2023-05-30T18:30:23Z",
-  "aliases": [
-    "CVE-2023-2968"
-  ],
-  "summary": "proxy denial of service vulnerability",
-  "details": "A remote attacker can trigger a denial of service in the `socket.remoteAddress` variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.\n\n",
-  "severity": [],
-  "affected": [
-    {
-      "package": {
-        "ecosystem": "npm",
-        "name": "proxy"
-      },
-      "ranges": [
+    "schema_version": "1.4.0",
+    "id": "GHSA-mj6p-3pc9-wf5m",
+    "modified": "2026-05-06T00:00:00Z",
+    "published": "2023-05-30T18:30:23Z",
+    "aliases": [
+        "CVE-2023-2968"
+    ],
+    "summary": "proxy denial of service vulnerability",
+    "details": "A remote attacker can trigger a denial of service in the `proxy` package by sending a crafted HTTP request that causes `socket.remoteAddress` to be `undefined`. When this undefined value is consumed without a null check, a `TypeError` exception is raised, crashing the proxy server process.\n\nThe vulnerable code path in versions >= 2.0.0, < 2.1.1 reads `socket.remoteAddress` directly without guarding against the case where the socket has already been destroyed or the remote address is unavailable. An attacker with the ability to send a specially crafted HTTP request can exploit this to take down the proxy server.\n\nThe issue was fixed in version 2.1.1 by adding a guard that checks `socket.remoteAddress` before use.",
+    "severity": [
         {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "2.0.0"
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+        }
+    ],
+    "affected": [
+        {
+            "package": {
+                "ecosystem": "npm",
+                "name": "proxy"
             },
-            {
-              "fixed": "2.1.1"
-            }
-          ]
+            "ranges": [
+                {
+                    "type": "ECOSYSTEM",
+                    "events": [
+                        {
+                            "introduced": "2.0.0"
+                        },
+                        {
+                            "fixed": "2.1.1"
+                        }
+                    ]
+                }
+            ]
         }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2968"
-    },
-    {
-      "type": "WEB",
-      "url": "https://github.com/TooTallNate/proxy-agents/pull/178"
-    },
-    {
-      "type": "WEB",
-      "url": "https://github.com/TooTallNate/proxy-agents/commit/25e0c931390eb8f41c5ceaca72820de9198ece39"
-    },
-    {
-      "type": "PACKAGE",
-      "url": "https://github.com/TooTallNate/proxy-agents"
-    },
-    {
-      "type": "WEB",
-      "url": "https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917"
-    }
-  ],
-  "database_specific": {
-    "cwe_ids": [
-      "CWE-232"
     ],
-    "severity": "MODERATE",
-    "github_reviewed": true,
-    "github_reviewed_at": "2023-06-06T01:52:50Z",
-    "nvd_published_at": "2023-05-30T18:15:09Z"
-  }
-}
+    "references": [
+        {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2968"
+        },
+        {
+            "type": "WEB",
+            "url": "https://github.com/TooTallNate/proxy-agents/pull/178"
+        },
+        {
+            "type": "WEB",
+            "url": "https://github.com/TooTallNate/proxy-agents/commit/25e0c931390eb8f41c5ceaca72820de9198ece39"
+        },
+        {
+            "type": "PACKAGE",
+            "url": "https://github.com/TooTallNate/proxy-agents"
+        },
+        {
+            "type": "WEB",
+            "url": "https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917"
+        }
+    ],
+    "credits": [
+        {
+            "name": "Cutter Bruce",
+            "contact": [
+                "https://github.com/TheeCryptoChad"
+            ],
+            "type": "ANALYST"
+        }
+    ],
+    "database_specific": {
+        "cwe_ids": [
+            "CWE-232"
+        ],
+        "severity": "HIGH",
+        "github_reviewed": true,
+        "github_reviewed_at": "2023-06-06T01:52:50Z",
+        "nvd_published_at": "2023-05-30T18:15:09Z"
+    }
+}