CVE-2014-10064

描述

Versions prior to 1.0.0 of `qs` are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested JSON string. ## Recommendation Update to version 1.0.0 or later

受影響套件(2)

• Debian/node-qsfrom 0, < 2.2.4-1
• npm/qsfrom 0, < 1.0.0

CVSS 分數

參考連結(4)

• ADVISORYhttps://github.com/advisories/GHSA-f9cm-p3w6-xvr3
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-10064
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-10064
• WEBhttps://www.npmjs.com/advisories/28