jonkemp / inline-css

Inline css into an html file.
MIT License

prototype poisoning with "qs" library #123

Closed angel-mind closed 1 year ago

angel-mind commented 1 year ago

Detailed paths

Introduced through: inline-css@3.0.0 › extract-css@2.0.1 › href-content@2.0.1 › remote-content@3.0.0 › superagent@7.1.6 › formidable@2.0.1 › qs@6.9.3

Fixed in: qs@6.2.4, @6.3.3, @6.4.1, @6.5.3, @6.6.1, @6.7.3, @6.8.3, @6.9.7, @6.10.3

Overview

qs is a querystring parser that supports nesting and arrays, with a depth limit.

Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.

Note: In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[proto]=b&a[proto]&a[length]=100000000.
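As an added example, not code from inline-css, qs, superagent or any other project named in this issue, the following Node script shows the defensive side of the advisory above: a small qs-style nested query-string parser (`a[b]=1`, `tags[]=x`) that refuses the two ingredients of the described hang, a bracket segment naming `__proto__`/`constructor`/`prototype` and a named key such as `length` applied to an array, and caps nesting depth and array size. The key grammar, the limits and the sample query are this example's own assumptions; values are decoded with Node's built-in `URLSearchParams`.

```javascript
// Added example (not from inline-css, qs or superagent): a nested query-string
// parser that refuses prototype-poisoning inputs instead of silently accepting them.
// The key grammar and the limits below are assumptions made for this example.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 5;         // maximum number of path segments accepted per key
const MAX_ARRAY_LENGTH = 20; // maximum elements appended to any one array

// "user[name]" -> ["user", "name"]; "tags[]" -> ["tags", ""]; malformed -> null
function splitKey(rawKey) {
  const m = /^([^[\]]*)((?:\[[^[\]]*\])*)$/.exec(rawKey);
  if (m === null) return null;
  const parts = [m[1]];
  const bracket = /\[([^[\]]*)\]/g;
  let seg;
  while ((seg = bracket.exec(m[2])) !== null) parts.push(seg[1]);
  return parts;
}

// Store `value` at the path `parts` below `node`, creating null-prototype
// containers on the way. Throws on any segment that could reach a prototype
// or resize an array through a named key such as "length".
function assign(node, parts, value) {
  const [head, ...rest] = parts;
  if (Array.isArray(node)) {
    // arrays only accept appends via "[]"; "[length]", "[0]" etc. are refused
    if (head !== '' || rest.length !== 0) throw new Error(`unsafe array key "${head}"`);
    if (node.length >= MAX_ARRAY_LENGTH) throw new Error('array limit exceeded');
    node.push(value);
    return;
  }
  if (head === '' || FORBIDDEN_KEYS.has(head)) throw new Error(`forbidden key "${head}"`);
  if (rest.length === 0) { node[head] = value; return; }
  const child = node[head];
  if (rest[0] === '') {
    if (!Array.isArray(child)) node[head] = [];
  } else if (typeof child !== 'object' || child === null) {
    node[head] = Object.create(null);
  }
  assign(node[head], rest, value);
}

// Parse a query string into nested params. Keys that break the rules are
// collected in `rejected` rather than dropped silently, so they can be logged.
function parseQuery(queryString) {
  const params = Object.create(null);
  const rejected = [];
  for (const [rawKey, value] of new URLSearchParams(queryString)) {
    const parts = splitKey(rawKey);
    if (parts === null || parts.length > MAX_DEPTH) { rejected.push(rawKey); continue; }
    try {
      assign(params, parts, value);
    } catch (err) {
      rejected.push(rawKey);
    }
  }
  return { params, rejected };
}

// Constructed sample query in the shape the advisory describes (not a captured request)
const SAMPLE_QUERY =
  'user[name]=alice&tags[]=x&tags[]=y&tags[length]=100000000&user[__proto__][polluted]=1';

const demo = parseQuery(SAMPLE_QUERY);
console.log(JSON.stringify(demo.params), demo.rejected, ({}).polluted);
```

Running it prints the two legitimate parameters, the two rejected keys and `undefined` for `({}).polluted`, confirming that `Object.prototype` was never touched. The rejected list is the useful signal for detection: a request that produces `__proto__` or `[length]` rejections is worth logging and counting, whichever library ends up parsing the body downstream.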

jonkemp commented 1 year ago

Check the latest release.