Lucene search
Qs Project Security Vulnerabilities
cve
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query...
7.5CVSS
7.9AI Score
0.009EPSS
2022-11-26 10:15 PM
347
27
cve
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework...
7.5CVSS
7.3AI Score
0.001EPSS
2017-07-17 01:18 PM
57
2