Lucene search
K

38 matches found

Debian CVE
Debian CVE
added 2018/05/31 8:0 p.m.36 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS7.4AI score0.01286EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2017/09/07 2:30 p.m.7 views

nodejs-qs: Prototype override protection bypass

It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties such as toString or hasOwnProperty, resulting in a denial of service when the overwritten function...

7.5CVSS7.1AI score0.02395EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2017/08/28 12:48 p.m.28 views

CVE-2017-1000048

It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties such as toString or hasOwnProperty, resulting in a denial of service when the overwritten function...

7.5CVSS6.2AI score0.02395EPSS
Exploits0References2
NVD
NVD
added 2017/07/17 1:18 p.m.19 views

CVE-2017-1000048

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...

7.5CVSS8.4AI score0.02395EPSS
Exploits0References2
OSV
OSV
added 2017/07/17 1:18 p.m.24 views

CVE-2017-1000048

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...

7.5CVSS6.5AI score0.02395EPSS
Exploits0References2
Prion
Prion
added 2017/07/17 1:18 p.m.26 views

Design/Logic Flaw

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...

5CVSS7.7AI score0.02395EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2017/07/17 1:18 p.m.38 views

CVE-2017-1000048

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...

7.5CVSS6.8AI score0.02395EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.34 views

CVE-2017-1000048

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash...

8.4AI score0.02395EPSS
Exploits0References2
CVE
CVE
added 2017/07/13 8:0 p.m.108 views

CVE-2017-1000048

CVE-2017-1000048 applies to ljharb’s qs module; older versions v6.0.4, v6.1.2, v6.2.3 and v6.3.1 (i.e., older than v6.3.2) are vulnerable to a DoS where a malicious request can crash the application. The connected documents corroborate a Denial of Service impact via input handling in qs, and indi...

7.5CVSS7.2AI score0.02395EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2014/10/19 1:55 a.m.2 views

DEBIAN-CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS7.2AI score0.08309EPSS
Exploits0References1
NVD
NVD
added 2014/10/19 1:55 a.m.16 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS8.3AI score0.08309EPSS
Exploits0References10
OSV
OSV
added 2014/10/19 1:55 a.m.4 views

UBUNTU-CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS7.1AI score0.08309EPSS
Exploits0References4
Prion
Prion
added 2014/10/19 1:55 a.m.23 views

Design/Logic Flaw

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS7AI score0.08309EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2014/10/19 1:55 a.m.32 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS7.1AI score0.08309EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/10/19 1:0 a.m.34 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

8.2AI score0.08309EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2014/10/19 1:0 a.m.59 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

5CVSS7.1AI score0.08309EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/06 12:0 a.m.31 views

Fedora 19 : nodejs-qs-0.6.6-3.fc19 (2014-11399)

The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...

5CVSS7.2AI score0.08309EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/10/06 12:0 a.m.27 views

Fedora 20 : nodejs-qs-0.6.6-3.fc20 (2014-11376)

The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...

5CVSS7.2AI score0.08309EPSS
Exploits0References4
Rows per page
Query Builder