HIGH

GHSA-f9cm-p3w6-xvr3

Denial-of-Service Extended Event Loop Blocking in qs

Details

Versions prior to 1.0.0 of `qs` are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested JSON string.

## Recommendation

Update to version 1.0.0 or later

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / qs

Introduced in: 0 Fixed in: 1.0.0

Fix npm install qs@1.0.0

References

https://nvd.nist.gov/vuln/detail/CVE-2014-10064 [ADVISORY]
https://github.com/advisories/GHSA-f9cm-p3w6-xvr3 [ADVISORY]
https://www.npmjs.com/advisories/28 [WEB]