Vulnerabilities > QS Project

DATE CVE VULNERABILITY TITLE RISK
2022-11-26 CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used.
network
low complexity
qs-project openjsf debian
7.5
2018-05-31 CVE-2014-10064 Resource Management Errors vulnerability in QS Project QS
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time.
network
low complexity
qs-project CWE-399
5.0
2017-07-17 CVE-2017-1000048 Improper Input Validation vulnerability in QS Project QS
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS.
network
low complexity
qs-project CWE-20
5.0