CVE-2017-1000048

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

Ссылки

https://access.redhat.com/errata/RHSA-2017:2672
https://github.com/ljharb/qs/issues/200
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2672
https://github.com/ljharb/qs/issues/200
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qs_project:qs:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.3.0:*:*:*:*:*:*:*

cpe:2.3:a:qs_project:qs:6.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00532

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-1000048

CVSS3: 7.5

ubuntu

больше 8 лет назад

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

CVE-2017-1000048

CVSS3: 5.3

redhat

почти 9 лет назад

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

GHSA-gqgv-6jq5-jjj9

CVSS3: 7.5

github

почти 6 лет назад

Prototype Pollution Protection Bypass in qs

EPSS

Процентиль: 67%

0.00532

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20