Candidate: CVE-2014-10064
PublicDate: 2018-05-31 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10064
 https://nodesecurity.io/advisories/28
Description:
 The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.
Ubuntu-Description:
Notes:
 ebarretto> Not much information, except for an advisory
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_node-qs:
upstream_node-qs: released (1.0.0)
precise/esm_node-qs: DNE
trusty_node-qs: ignored (out of standard support)
trusty/esm_node-qs: needed
xenial_node-qs: not-affected (2.2.4-1)
artful_node-qs: ignored (reached end-of-life)
bionic_node-qs: not-affected (2.2.4-1)
cosmic_node-qs: not-affected (2.2.4-1)
disco_node-qs: not-affected (2.2.4-1)
eoan_node-qs: not-affected (2.2.4-1)
focal_node-qs: not-affected (2.2.4-1)
groovy_node-qs: not-affected (2.2.4-1)
hirsute_node-qs: not-affected (2.2.4-1)
impish_node-qs: not-affected (2.2.4-1)
jammy_node-qs: not-affected (2.2.4-1)
devel_node-qs: not-affected (2.2.4-1)