GHSA-crvj-3gj9-gm2p

Опубликовано: 09 окт. 2018

Источник: github

Github: Прошло ревью

Описание

High severity vulnerability that affects qs

Withdrawn, accidental duplicate publish.

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2014-7191
https://github.com/advisories/GHSA-crvj-3gj9-gm2p

Пакеты

Наименование

npm

Затронутые версииВерсия исправления

< 1.0.0

1.0.0