Denial-of-Service Extended Event Loop Blocking

Module: qs

Published: August 6th, 2014

Reported by: Tom Steele

CVE-NONE

CWE-730

Vulnerable: <1.0.0
Patched: >= 1.x

Overview

Versions prior to 1.0.0 of qs are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested JSON string.

Remediation

Update to version 1.0.0 or later.
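
To confirm the remediation took effect for every installed copy, including ones nested under other dependencies, the added example below (not part of the original advisory or the qs project) scans a parsed npm lockfile for qs versions in the vulnerable range <1.0.0. The package name legacy-http, the sample lockfiles and their version numbers are constructed for illustration.

```javascript
// Parse the leading "major.minor.patch" into numbers; prerelease suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version falls in the advisory's vulnerable range (<1.0.0).
function isVulnerableQs(version) {
  const parts = parseVersion(version);
  return parts !== null && parts[0] < 1;
}

// Return [{ path, version }] for every vulnerable qs copy in a parsed lockfile.
function findVulnerableQs(lock) {
  const hits = [];
  if (lock.packages) {
    // Lockfile v2/v3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/qs$/.test(path) && isVulnerableQs(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // Lockfile v1: nested tree, walked with an explicit stack instead of recursion.
  const stack = [{ deps: lock.dependencies || {}, prefix: "node_modules" }];
  while (stack.length > 0) {
    const { deps, prefix } = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      const path = `${prefix}/${name}`;
      if (name === "qs" && isVulnerableQs(meta.version)) hits.push({ path, version: meta.version });
      if (meta.dependencies) stack.push({ deps: meta.dependencies, prefix: `${path}/node_modules` });
    }
  }
  return hits;
}

// Constructed sample lockfiles (not from a real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/qs": { version: "6.11.0" },
  "node_modules/legacy-http/node_modules/qs": { version: "0.6.6" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  qs: { version: "1.0.0" },
  "legacy-http": { version: "2.0.0", dependencies: { qs: { version: "0.5.2" } } },
} };
console.log(findVulnerableQs(sampleV3), findVulnerableQs(sampleV1));
```

A top-level qs at a patched version does not clear the project: both samples pass at the top level and still carry a vulnerable nested copy.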