Skip to main content

Qs

2 CVEs product

Monthly

CVE-2022-24999 npm HIGH POC PATCH THREAT This Week

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Qs Express Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
14.7%
CVE-2017-1000048 npm HIGH PATCH This Week

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qs
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
EPSS 15% CVSS 7.5
HIGH POC PATCH THREAT This Week

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Qs +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy