qs is vulnerable to prototype override protection bypass. It is possible for an attacker to bypass the protection and overwrite prototype properties and functions by prefixing the name of the parameter with [
or ]
. Overwriting these properties on the object prototype can impact application logic, potentially allowing attackers to change security controls, modify data, and cause even worse impact.
CPE | Name | Operator | Version |
---|---|---|---|
rh-nodejs6-nodejs-qs | eq | 6.2.1__1.el7 | |
rh-nodejs6-nodejs-qs | eq | 6.2.1__1.el6 |