ljharb / qs

A querystring parser with nesting support
BSD 3-Clause "New" or "Revised" License

Security Vulnerability issue #439

Closed chirag-rakholiya closed 2 years ago

chirag-rakholiya commented 2 years ago

Hello,

We analyzed that there is a security vulnerability issue in the latest version, qs@6.10.3.

CVSS3 Score: The vulnerability was found to have a score between 7.1 and 10.

Can anyone please give some updates regarding solving this issue?

fortiZde commented 2 years ago

This CVE is still unreviewed and also Snyk does not count it as a vulnerability... The dev already closed some issue tickets.

So it's duplicated and potentially not a vulnerability: https://github.com/ljharb/qs/issues/436

ljharb commented 2 years ago

Indeed; this is not a vulnerability, and this is a duplicate of #436.

The way to solve this issue is to configure your security scanning tools to ignore it.