Lucene search
Redhat.comRH:CVE-2017-1000048HistoryAug 28, 2017 - 12:48 p.m.
CVE-2017-1000048
2017-08-2812:48:30
redhat.com
access.redhat.com
10
0.001 Low
EPSS
Percentile
47.6%
It was found that ljharb’s qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object’s prototype properties (such as toString() or hasOwnProperty()), resulting in a denial of service when the overwritten function would be executed.
Related
ubuntucve
ubuntucve
CVE-2017-1000048
2017-07-17 00:00:00
osv
osv
Prototype Pollution Protection Bypass in qs
2020-04-30 17:16:47
CVE-2017-1000048
2017-07-17 13:18:00
prion
prion
Design/Logic Flaw
2017-07-17 13:18:00
nvd
nvd
CVE-2017-1000048
2017-07-17 13:18:17
cve
cve
CVE-2017-1000048
2017-07-17 13:18:17
cvelist
cvelist
CVE-2017-1000048
2017-07-13 20:00:00
veracode
veracode
Prototype Override Protection Bypass
2017-03-03 08:37:32
Prototype Override Protection Bypass
2019-01-15 09:20:23
nodejs
nodejs
Prototype Pollution Protection Bypass
2020-02-10 19:09:50
github
github
Prototype Pollution Protection Bypass in qs
2020-04-30 17:16:47
redhat
redhat
(RHSA-2017:2672) Moderate: rh-nodejs6-nodejs-qs security update
2017-09-07 14:10:16
ibm
ibm