Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM157018C5AF0625E451915A3BAB4FB9A282DF2FA241433A6E4A9CAFEC9360BC11
HistoryAug 09, 2018 - 4:20 a.m.

Security Bulletin: Current Release of IBM® SDK for Node.js™ is affected by CVE-2014-7191

2018-08-0904:20:36
www.ibm.com
14

0.053 Low

EPSS

Percentile

93.1%

JSON

Summary

Node.js qs denial-of-service vulnerability.

Vulnerability Details

CVE-ID:CVE-2014-7191

**DESCRIPTION:**Node.js is vulnerable to a denial of service, caused by an error in the qs module when parsing a string representing a deeply nested object. An attacker could exploit this vulnerability to block the event loop for an extended period of time and cause a denial of service.

The qs module included in IBM SDK for Node.js is a bundled dependency of the Node Package Manager (npm). This instance of the qs module is not normally exposed to end users of IBM SDK for Node.js.

CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96729 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

This vulnerability affects IBM SDK for Node.js v1.1.0.7 and previous releases.

Remediation/Fixes

The fix for this vulnerability is included in IBM SDK for Node.js v1.1.0.8 and subsequent releases.

IBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from here.

IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.

CPENameOperatorVersion
ibm sdk for node.jseq1.1

Related

prion 1
nessus 2
redhat 1
debiancve 1
osv 1
cvelist 1
openvas 2
fedora 2
ubuntucve 1
nodejs 1
veracode 1
nvd 1
cve 1
github 1
ibm 6
prion
prion
Design/Logic Flaw
2014-10-19 01:55:00
nessus
nessus
Fedora 19 : nodejs-qs-0.6.6-3.fc19 (2014-11399)
2014-10-06 00:00:00
Fedora 20 : nodejs-qs-0.6.6-3.fc20 (2014-11376)
2014-10-06 00:00:00
redhat
redhat
(RHSA-2016:1380) Moderate: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
2016-07-05 05:53:09
debiancve
debiancve
CVE-2014-7191
2014-10-19 01:55:21
osv
osv
Denial-of-Service Memory Exhaustion in qs
2017-10-24 18:33:36
cvelist
cvelist
CVE-2014-7191
2014-10-19 01:00:00
openvas
openvas
Fedora Update for nodejs-qs FEDORA-2014-11376
2014-10-07 00:00:00
Fedora Update for nodejs-qs FEDORA-2014-11399
2014-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: nodejs-qs-0.6.6-3.fc20
2014-10-06 05:04:59
[SECURITY] Fedora 19 Update: nodejs-qs-0.6.6-3.fc19
2014-10-06 05:04:26
ubuntucve
ubuntucve
CVE-2014-7191
2014-10-19 00:00:00
nodejs
nodejs
Denial-of-Service Memory Exhaustion
2015-10-17 19:41:46
veracode
veracode
Denial Of Service (DoS) Memory Consumption
2019-01-15 09:12:08
nvd
nvd
CVE-2014-7191
2014-10-19 01:55:21
cve
cve
CVE-2014-7191
2014-10-19 01:55:21
github
github
Denial-of-Service Memory Exhaustion in qs
2017-10-24 18:33:36
ibm
ibm
Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)
2022-09-09 13:15:39
Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191)
2018-06-15 07:01:52
Security Bulletin: Multiple vulnerabilities in modules from the IBM SDK for Node.js affect the Cordova tools packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux (CVE-2014-7191 and CVE-2014-7192)
2018-08-03 04:23:43

0.053 Low

EPSS

Percentile

93.1%

JSON
Related for 157018C5AF0625E451915A3BAB4FB9A282DF2FA241433A6E4A9CAFEC9360BC11
prion1nessus2redhat1debiancve1osv1cvelist1openvas2fedora2ubuntucve1nodejs1veracode1nvd1cve1github1ibm6