Denial of Service Vulnerability in Node.js qs Module
CVE-2014-7191

Currently unrated

Key Information:

Vendor: Nodejs
Status: Node.js
Vendor: CVE Published:; 19 October 2014

What is CVE-2014-7191?

The qs module in Node.js versions prior to 1.0.0 contains a vulnerability that allows remote attackers to exploit it through a crafted array. By providing a large index value, attackers can trigger memory exhaustion, resulting in denial of service. This occurs because the compact function is not invoked for array data, leading to the creation of a sparse array that consumes excessive memory resources.

References

http://secunia.com/advisories/60026

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/62170

third-party-advisoryx_refsource_SECUNIA

https://github.com/visionmedia/node-querystring/issues/104

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2014
Vulnerability Reserved
Sep 26, 2014

Nodejs

What is CVE-2014-7191?

References

Timeline