CVE-2014-10064
First published: Thu May 31 2018(Updated: )
Node.js qs module is vulnerable to a denial of service, caused by a large loop when parsing JSON object. By sending a specially-crafted JSON string, a remote attacker could exploit this vulnerability to cause the application to stop responding.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qs Project Qs | <1.0.0 | |
| IBM Security Verify Governance | <=10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2014-10064?
CVE-2014-10064 is a vulnerability in the Node.js qs module that can lead to a denial of service attack.
How does the vulnerability occur?
The vulnerability occurs due to a large loop when parsing a specially-crafted JSON object.
What is the impact of CVE-2014-10064?
The impact of CVE-2014-10064 is that it can cause the affected application to stop responding.
Who is affected by this vulnerability?
Users of IBM Security Verify Governance version up to 10.0 are affected by this vulnerability.
How can I fix CVE-2014-10064?
To fix CVE-2014-10064, update Node.js qs module to a version that includes a patch for the vulnerability.
- collector/nvd-index
- collector/ibm-support
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/qs project
- canonical/qs project qs
- vendor/ibm
- canonical/ibm security verify governance
- version/ibm security verify governance/10.0