Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. SummaryThe arrayLimit option in qs does not enforce...

Security Bulletin: qs parse module DoS vulnerability: arrayLimit bypass via bracket notation allows memory exhaustion (qs < 6.14.1)

Summary An input validation flaw in qs 6.14.1 allows attackers to bypass arrayLimit using bracket notation a=x, leading to unauthenticated HTTP denial-of-service via memory exhaustion. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse...

Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 (JSDSERVER-16491)

"The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16491 advisory. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs:...

Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47912 DESCRIPTION: The Parse functio...

TencentOS Server 4: grafana (TSSA-2026:0007)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0007 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000176 advisory. An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3121 (ALAS-2025-3121)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3572.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3121 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy...

Improper Input Validation

qs is vulnerable to Improper Input Validation. The vulnerability is due to the arrayLimit option not being enforced for bracket notation parameters during query parsing, which allows an attacker to supply a large number of array elements and cause memory exhaustion via crafted HTTP requests...

CVE-2025-15284

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

GHSA-6RW7-VPXM-498P qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario...

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario...

EUVD-2025-205660

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion...

Allocation of Resources Without Limits or Throttling

Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An attacker can exhaust...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An...

Linux Distros Unpatched Vulnerability : CVE-2025-15284

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce...

AZL-73353 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

AZL-73359 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

DEBIAN-CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

AZL-73316 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...