npm

Severity: high

Denial-of-Service Extended Event Loop Blocking

qs

Overview

Versions prior to 1.0.0 of qs are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested JSON string.

Remediation

Update to version 1.0.0 or later.
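
A dependency tree can hold several nested copies of qs, so updating the top-level entry alone may leave an affected copy installed. The following is an added example, not code from this advisory or from the qs project: it lists every qs entry below 1.0.0 in a parsed package-lock.json. The function names and the sample lock data are constructed for illustration.

```javascript
// Added example (not from the advisory): list qs copies below 1.0.0 in a parsed package-lock.json.
const FIXED = [1, 0, 0]; // first unaffected version, per the advisory

// True when `version` is below 1.0.0 or cannot be parsed (git URL, link): review those by hand.
function needsUpdate(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true;
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease such as 1.0.0-rc.1 sorts before 1.0.0
}

function findVulnerableQs(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/qs$/.test(path) && needsUpdate(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === 'qs' && needsUpdate(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lock data; package names and versions are illustrative only.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    express: { version: '3.4.8', dependencies: { qs: { version: '0.6.6' } } },
    qs: { version: '6.5.2' },
    request: { version: '2.40.0', dependencies: { qs: { version: '1.0.0-rc.1' } } },
  },
};

console.log(findVulnerableQs(sampleLock));
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json to `findVulnerableQs`.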


Advisory timeline

  1. reported

    Initial report by Tom Steele
    Oct 17th, 2015
  2. published

    Advisory published
    Aug 6th, 2014