HIGH

GHSA-jjv7-qpx3-h62q

Denial-of-Service Memory Exhaustion in qs

Details

Versions prior to 1.0 of `qs` are affected by a denial of service condition. This condition is triggered by parsing a crafted string that deserializes into very large sparse arrays, resulting in the process running out of memory and eventually crashing.

## Recommendation

Update to version 1.0.0 or later.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / qs

Introduced in: 0 Fixed in: 1.0.0

Fix npm install qs@1.0.0

References

https://nvd.nist.gov/vuln/detail/CVE-2014-7191 [ADVISORY]
https://github.com/visionmedia/node-querystring/issues/104 [WEB]
https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8 [WEB]
https://access.redhat.com/errata/RHSA-2016:1380 [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/96729 [WEB]
https://github.com/advisories/GHSA-jjv7-qpx3-h62q [ADVISORY]
https://github.com/visionmedia/node-querystring [PACKAGE]
https://www.npmjs.com/advisories/29 [WEB]
http://secunia.com/advisories/60026 [WEB]
http://secunia.com/advisories/62170 [WEB]
http://www-01.ibm.com/support/docview.wss?uid=swg21685987 [WEB]
http://www-01.ibm.com/support/docview.wss?uid=swg21687263 [WEB]
http://www-01.ibm.com/support/docview.wss?uid=swg21687928 [WEB]