CVE-2014-7191 Medium Severity Vulnerability detected by WhiteSource #5

mend-bolt-for-github · 2018-12-25T10:05:22Z

CVE-2014-7191 - Medium Severity Vulnerability

Vulnerable Library - qs-0.5.6.tgz

querystring parser

path: /tmp/git/sqs-poller/node_modules/qs/package.json

Library home page: http://registry.npmjs.org/qs/-/qs-0.5.6.tgz

Dependency Hierarchy:

winston-0.7.3.tgz (Root Library)
- request-2.16.6.tgz
  - ❌ qs-0.5.6.tgz (Vulnerable Library)

Vulnerability Details

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

Publish Date: 2014-10-19

URL: CVE-2014-7191

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/29

Release Date: 2014-08-06

Fix Resolution: Update qs to version 1.0.0 or greater

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 25, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2014-7191 Medium Severity Vulnerability detected by WhiteSource #5

CVE-2014-7191 Medium Severity Vulnerability detected by WhiteSource #5

mend-bolt-for-github bot commented Dec 25, 2018

CVE-2014-7191 Medium Severity Vulnerability detected by WhiteSource #5

CVE-2014-7191 Medium Severity Vulnerability detected by WhiteSource #5

Comments

mend-bolt-for-github bot commented Dec 25, 2018

CVE-2014-7191 - Medium Severity Vulnerability