Candidate: CVE-2017-1000048
PublicDate: 2017-07-17 13:18:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000048
 https://github.com/ljharb/qs/issues/200
Description:
 The web framework using ljharb's qs module older than v6.3.2, v6.2.3,
 v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an
 evil request to cause the web framework to crash.
Ubuntu-Description:
Notes:
 ebarretto> xenial, bionic and cosmic are not affected as their version does
 ebarretto> not support allowPrototypes options.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_node-qs:
upstream_node-qs: released (6.0.4, 6.1.2, 6.2.3, 6.3.2, 6.4.0)
precise/esm_node-qs: DNE
trusty_node-qs: ignored (out of standard support)
trusty/esm_node-qs: not-affected (code not present)
vivid/ubuntu-core_node-qs: DNE
xenial_node-qs: not-affected (code not present)
yakkety_node-qs: ignored (reached end-of-life)
zesty_node-qs: ignored (reached end-of-life)
artful_node-qs: ignored (reached end-of-life)
bionic_node-qs: not-affected (code not present)
cosmic_node-qs: not-affected (code not present)
disco_node-qs: not-affected (6.5.2-1)
devel_node-qs: not-affected (6.5.2-1)