Lucene search
UnknownNODEJS:1469HistoryFeb 10, 2020 - 7:09 p.m.
Prototype Pollution Protection Bypass
2020-02-1019:09:50
Unknown
www.npmjs.com
28
0.001 Low
EPSS
Percentile
47.6%
Overview
Affected version of qs are vulnerable to Prototype Pollution because it is possible to bypass the protection. The qs.parse function fails to properly prevent an object’s prototype to be altered when parsing arbitrary input. Input containing [ or ] may bypass the prototype pollution protection and alter the Object prototype. This allows attackers to override properties that will exist in all objects, which may lead to Denial of Service or Remote Code Execution in specific circumstances.
Recommendation
Upgrade to 6.0.4, 6.1.2, 6.2.3, 6.3.2 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| qs | lt | 6.0.4 || >=6.1.0 <6.1.2 || >=6.2.0 <6.2.3 || >=6.3.0 <6.3.2 |
Related
ubuntucve
ubuntucve
CVE-2017-1000048
2017-07-17 00:00:00
osv
osv
Prototype Pollution Protection Bypass in qs
2020-04-30 17:16:47
CVE-2017-1000048
2017-07-17 13:18:00
redhatcve
redhatcve
CVE-2017-1000048
2017-08-28 12:48:30
prion
prion
Design/Logic Flaw
2017-07-17 13:18:00
nvd
nvd
CVE-2017-1000048
2017-07-17 13:18:17
cve
cve
CVE-2017-1000048
2017-07-17 13:18:17
cvelist
cvelist
CVE-2017-1000048
2017-07-13 20:00:00
veracode
veracode
Prototype Override Protection Bypass
2017-03-03 08:37:32
Prototype Override Protection Bypass
2019-01-15 09:20:23
github
github
Prototype Pollution Protection Bypass in qs
2020-04-30 17:16:47
redhat
redhat
(RHSA-2017:2672) Moderate: rh-nodejs6-nodejs-qs security update
2017-09-07 14:10:16
ibm
ibm