3 matches found
CVE-2026-2391 vulnerabilities
Vulnerabilities for packages: thingsboard, py3-jupyterlab, tileserver-gl, opensearch-dashboards, json-server, langfuse, saf, code-server, sqlpad, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines...
DEBIAN-CVE-2026-2391
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
CVE-2026-2391
creationtimestamp| type| source ---|---|--- 2026-02-12 04:39:47+00:00| published-proof-of-concept| https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883 2026-02-12 17:40:24+00:00| seen| https://gist.github.com/alon710/c6963cc90ba7a2a5c311d6e3cd8e6558 2026-02-19 12:48:01+00:00| seen...