38 matches found
qs: qs: Denial of Service via improper input validation in array parsing
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., a[]=value). This bypasses the arrayLimit option, which is designed to limit the size of...
EUVD-2020-0380
Malware in sbrugna...
EUVD-2018-0589
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-10064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will blo...
RHSA-2017:2672 Red Hat Security Advisory: rh-nodejs6-nodejs-qs security update
Bulletin has no description...
PT-2024-28304 · Unknown · Izatop Bunt
Name of the Vulnerable Software and Affected Versions: izatop bunt version 0.29.19. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the component /esm/qs.js...
SUSE CVE-2017-1000048
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-24999
Summary: Node.js module qs is used by IBM App Connect Enterprise Certified Container for parsing query parameters on URLs. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
Denial Of Service (DoS) Memory Consumption
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...
High severity vulnerability that affects qs
Withdrawn, accidental duplicate publish. The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...
GHSA-CRVJ-3GJ9-GM2P High severity vulnerability that affects qs
Withdrawn, accidental duplicate publish. The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...
qs module denial of service vulnerability
The qs module is a library for querying and parsing strings. A denial of service vulnerability exists in qs module versions prior to 1.0.0. An attacker can exploit this vulnerability to cause a transient denial of service...
CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
Design/Logic Flaw
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
DEBIAN-CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
UBUNTU-CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
CVE-2014-10064
CVE-2014-10064 affects the qs module prior to 1.0.0. The vulnerability causes excessive recursion/looping when parsing deeply nested objects, blocking the Node.js event loop and enabling a temporary denial-of-service in web applications. Affected component: qs (used for parsing strings/JSON). Roo...