Lucene search
HackeroneCVELIST:CVE-2014-10064HistoryApr 26, 2018 - 12:00 a.m.
CVE-2014-10064
2018-04-2600:00:00
CWE-400
hackerone
www.cve.org
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.
CNA Affected
[
{
"product": "qs node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<1.0.0"
}
]
}
]References
Related
nodejs
nodejs
Denial-of-Service Extended Event Loop Blocking
2015-10-17 19:41:46
osv
osv
Denial-of-Service Extended Event Loop Blocking in qs
2018-10-09 00:38:48
github
github
Denial-of-Service Extended Event Loop Blocking in qs
2018-10-09 00:38:48
ubuntucve
ubuntucve
CVE-2014-10064
2018-05-31 00:00:00
nvd
nvd
CVE-2014-10064
2018-05-31 20:29:00
debiancve
debiancve
CVE-2014-10064
2018-05-31 20:29:00
prion
prion
Design/Logic Flaw
2018-05-31 20:29:00
cve
cve
CVE-2014-10064
2018-05-31 20:29:00
