First published: Wed Sep 24 2014(Updated: )
Node.js is vulnerable to a denial of service, caused by an error in the qs module when parsing a string representing a deeply nested object. An attacker could exploit this vulnerability to block the event loop for an extended period of time and cause a denial of service.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nodejs Node.js | <=0.10.18 | |
redhat/node-querystring | <1.0.0 | 1.0.0 |
IBM Security Verify Governance | <=10.0 |
https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-7191 is a vulnerability in Node.js that can be exploited to cause a denial of service.
IBM Security Verify Governance version 10.0 is affected by CVE-2014-7191.
CVE-2014-7191 has a severity level of medium.
An attacker can exploit CVE-2014-7191 by parsing a string representing a deeply nested object in the qs module, causing a denial of service.
No specific fix information is available for CVE-2014-7191. Please refer to the IBM Security Verify Governance documentation and support channels for updates and patches.