10809 matches found
qs's arrayLimit bypass in comma parsing allows denial of service
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via improper validation of multibyte character length in text manipulation. An attacker can execute arbitrary code as the operating system user running the database by issuing specially crafted queries...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parseArrayValue function when the comma option is in use. An attacker can...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77601 CVE-2026-2391 affecting package js-jquery 3.5.0-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77616 CVE-2026-2391 affecting package nodejs-nodemon 2.0.3-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77597 CVE-2026-2391 affecting package nodejs-nodemon 2.0.3-5
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77594 CVE-2026-2391 affecting package js-jquery 3.5.0-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
UBUNTU-CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391 qs's arrayLimit bypass in comma parsing allows denial of service
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
CVE-2026-2391 : The qs library vulnerability arises when using comma parsing (comma: true). The code bypasses the arrayLimit check by returning val.split(',') before the limit, allowing creation of very large arrays from a single parameter (e.g., ?param=a,b,c with a high density of commas). This ...
CVE-2026-2391 qs's arrayLimit bypass in comma parsing allows denial of service
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
PT-2026-7816
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
GHSA-2C4M-G7RX-63Q7 set-in Affected by Prototype Pollution
Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...
Malicious code in narrow-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508eafee6916ba29ade3caf0722e7bffe693e53fa35a4e74f0dc385950778f34 The package narrow-array was found to contain malicious code. Source: ghsa-malware 8bbee1a11c9aa9d6feb751063161f9802c6245890a9764cdddf190d3357df462 A...