CVE-2014-7191 (Medium) detected in qs-0.4.2.tgz #11

mend-for-github-com · 2020-02-04T14:56:22Z

CVE-2014-7191 - Medium Severity Vulnerability

Vulnerable Library - qs-0.4.2.tgz

querystring parser

Library home page: https://registry.npmjs.org/qs/-/qs-0.4.2.tgz

Path to dependency file: ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/package.json

Path to vulnerable library: ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/qs/package.json

Dependency Hierarchy:

connect-2.1.3.tgz (Root Library)
- ❌ qs-0.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 5a3799544bbdfbed38c2c8191a9866ba18bc9768

Found in base branch: master

Vulnerability Details

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

Publish Date: 2014-10-19

URL: CVE-2014-7191

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-7191

Release Date: 2014-10-19

Fix Resolution: 1.0.0

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 4, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2014-7191 (Medium) detected in qs-0.4.2.tgz #11

CVE-2014-7191 (Medium) detected in qs-0.4.2.tgz #11

mend-for-github-com bot commented Feb 4, 2020 •

edited

Loading

CVE-2014-7191 (Medium) detected in qs-0.4.2.tgz #11

CVE-2014-7191 (Medium) detected in qs-0.4.2.tgz #11

Comments

mend-for-github-com bot commented Feb 4, 2020 • edited Loading

CVE-2014-7191 - Medium Severity Vulnerability

mend-for-github-com bot commented Feb 4, 2020 •

edited

Loading