qs is vulnerable to denial of service. The vulnerability exists in merge function in qs.js due to lack of sanitization which allows an attacker to cause an application crash.
merge
qs.js
github.com/advisories/GHSA-rq7c-8f3g-q36h
github.com/ljharb/qs/blob/main/dist/qs.js#L670
github.com/ljharb/qs/blob/master/dist/qs.js#L670
github.com/ljharb/qs/issues/436
jsfiddle.net/65jxksay/
jsfiddle.net/pb6an1dy/