80 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
EUVD-2026-30674
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...
GHSA-Q8MJ-M7CP-5Q26 qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
NULL Pointer Dereference
Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true...
NULL Pointer Dereference
Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true that contain nu...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
UBUNTU-CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723
The CVE describes a bug in the qs library where tstringifying an object with arrayFormat: 'comma' and encodeValuesOnly: true fails if an array contains null or undefined. The failure is a synchronous TypeError caused by missing null guard in the encoding path: the code maps values with the encode...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
PT-2026-41469
Name of the Vulnerable Software and Affected Versions qs versions 6.11.1 through 6.15.1 Description The stringify function throws a TypeError when called with the options arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined elements. This occurs because the...
NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
NPM: PostCSS has XSS via Unescaped in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...
Cross-site Scripting (XSS)
Overview postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Cross-site Scripting XSS in CSS Stringify Output. An attacker can execute arbitrary JavaScript code in the context of the affected web page by submitting crafted CS...
GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen
Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...
CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting XSS vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...
CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting XSS vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...