CVE

Id
74491  
CVE No.
CVE-2014-7191  
Status
Candidate  
Description
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.  
Phase
Assigned (20140926)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
695107 74491 CVE-2014-7191 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21685987  View
695108 74491 CVE-2014-7191 CONFIRM:https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8  View
695109 74491 CVE-2014-7191 CONFIRM:https://github.com/visionmedia/node-querystring/issues/104  View
695110 74491 CVE-2014-7191 CONFIRM:https://nodesecurity.io/advisories/qs_dos_memory_exhaustion  View
695111 74491 CVE-2014-7191 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21687928  View
695112 74491 CVE-2014-7191 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21687263  View
695113 74491 CVE-2014-7191 REDHAT:RHSA-2016:1380  View
695114 74491 CVE-2014-7191 URL:https://access.redhat.com/errata/RHSA-2016:1380  View
695115 74491 CVE-2014-7191 SECUNIA:60026  View
695116 74491 CVE-2014-7191 URL:http://secunia.com/advisories/60026  View
695117 74491 CVE-2014-7191 SECUNIA:62170  View
695118 74491 CVE-2014-7191 URL:http://secunia.com/advisories/62170  View
695119 74491 CVE-2014-7191 XF:nodejs-cve20147191-dos(96729)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
15618 JVNDB-2014-004493 MediaWiki におけるクロスサイトスクリプティングの脆弱性 MediaWiki には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-7199 74491 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004493.html  View