logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

GHSA-crvj-3gj9-gm2p qs

Package

Manager: npm
Name: qs
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

High severity vulnerability that affects qs Withdrawn, accidental duplicate publish. The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

Metadata

Created: 2018-10-09T00:44:29Z
Modified: 2020-06-16T21:43:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-crvj-3gj9-gm2p/GHSA-crvj-3gj9-gm2p.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0