You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /node_modules/qs/package.json
Dependency Hierarchy:
express-3.0.0.tgz (Root Library)
connect-2.6.0.tgz
❌ qs-0.5.1.tgz (Vulnerable Library)
Found in base branch: main
Vulnerability Details
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-for-github-combot
changed the title
CVE-2014-7191 (Medium) detected in qs-0.5.1.tgz
CVE-2014-7191 (Medium) detected in qs-0.5.1.tgz - autoclosed
Apr 13, 2024
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
mend-for-github-combot
changed the title
CVE-2014-7191 (Medium) detected in qs-0.5.1.tgz - autoclosed
CVE-2014-7191 (Medium) detected in qs-0.5.1.tgz
Apr 27, 2024
CVE-2014-7191 - Medium Severity Vulnerability
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/qs/package.json
Dependency Hierarchy:
Found in base branch: main
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
Publish Date: 2014-10-19
URL: CVE-2014-7191
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-7191
Release Date: 2014-10-19
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (express): 3.16.0
The text was updated successfully, but these errors were encountered: