10 matches found
Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises
Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilities due to which an attacker could exploit this vulnerability to execute arbitrary code on the system and cause the application to crash cause a denial of service condition on the system. This...
SUSE CVE-2017-1000048
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...
Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)
Summary As per the BlackDuck Scan, there is one package qs QueryString which is vulnerable in the Service Portal. The qs QueryString package is coming from multer modules installed as npm package. Vulnerability Details CVEID:CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...
@aconex/styleguide (>=2.0.1 <=2.2.0), @acornfamily/site (>=1.1.0 <=1.3.0) +1351 more potentially affected by CVE-2017-1000048 via qs (>=6.2.0 <=6.2.1)
qs NPM version =6.2.0, =2.0.1, =1.1.0, =0.1.0, =0.0.0, =0.7.15, =0.0.0, =1.0.23, =1.0.10, =3.3.91, =0.0.0, =0.1.0, =1.2.17, =0.5.6, =0.5.7 and more Source cves: CVE-2017-1000048 Source advisory: OSV:GHSA-GQGV-6JQ5-JJJ9...
@bouzuya/mr-jums (>=0.2.0 <=0.9.1), @deansel/latte (=0.1.2-beta.1) +77 more potentially affected by CVE-2017-1000048 via qs (>=6.3.0 <=6.3.1)
qs NPM version =6.3.0, =0.2.0, =1.0.0-alpha.7, =0.0.1-alpha.1, =0.0.1-dev.0, =4.0.0-beta.6, =3.0.0, =0.20.5, =0.20.5, =0.20.8, =0.1.5, =0.6.5, =0.13.0, =0.15.0 - app-decorators =0.8.206 and more Source cves: CVE-2017-1000048 Source advisory: OSV:GHSA-GQGV-6JQ5-JJJ9...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +33507 more potentially affected by CVE-2017-1000048 via qs (>=0.1.0 <=6.0.2)
qs NPM version =0.1.0, =6.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3...
CVE-2017-1000048
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...
AZL-45075 CVE-2017-1000048 affecting package nodejs-nodemon 2.0.3-5
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...
CVE-2017-1000048
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...
CVE-2017-1000048
CVE-2017-1000048 applies to ljharb’s qs module; older versions v6.0.4, v6.1.2, v6.2.3 and v6.3.1 (i.e., older than v6.3.2) are vulnerable to a DoS where a malicious request can crash the application. The connected documents corroborate a Denial of Service impact via input handling in qs, and indi...