High severity vulnerability that affects qs

GHSA-crvj-3gj9-gm2p

Published Oct 9, 2018 · Modified Jun 16, 2020

Description

Withdrawn, accidental duplicate publish.

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-7191
ADVISORY https://github.com/advisories/GHSA-crvj-3gj9-gm2p

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes