Debian dla-3299 : node-qs - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3299 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3299-1 [email protected] https://www.debian.org/lts/security/...

AZL-44307 CVE-2022-24999 affecting package nodejs-nodemon 2.0.3-5

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...