14 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.1.tgz Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-servic...
Security Bulletin: DevOps Test Performance contains a vulnerabilty related to use of the qs library
Summary Due to the use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential denial-of-service vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when...
Linux Distros Unpatched Vulnerability : CVE-2026-2391
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-servi...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parseArrayValue function when the comma option is in use. An attacker can...
Allocation of Resources Without Limits or Throttling
Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parseArrayValue function when the comma option is in use. An attacker can exhaust system memor...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77601 CVE-2026-2391 affecting package js-jquery 3.5.0-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77616 CVE-2026-2391 affecting package nodejs-nodemon 2.0.3-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
AZL-77594 CVE-2026-2391 affecting package js-jquery 3.5.0-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
UBUNTU-CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
PT-2026-7816
Name of the Vulnerable Software and Affected Versions qs affected versions not specified Description The arrayLimit option in the qs library does not correctly enforce limits when parsing comma-separated values with the comma option enabled. This allows attackers to potentially cause a...
qs 安全漏洞
QS is a JavaScript library developed by Jordan Harband. QS has a security vulnerability, which stems from the arrayLimit option not enforcing restrictions on comma-separated values when the comma option is enabled. This could lead to a memory-exploiting denial-of-service attack...