Denial-of-Service Memory Exhaustion in qs

2017-10-24T18:33:36
ID GHSA-JJV7-QPX3-H62Q
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:08:29

Description

Versions prior to 1.0 of qs are affected by a denial of service condition. This condition is triggered by parsing a crafted string that deserializes into very large sparse arrays, resulting in the process running out of memory and eventually crashing.

Recommendation

Update to version 1.0.0 or later.