RHSA-2017:2672-01 -- Redhat rh-nodejs6-nodejs-qsID: oval:org.secpod.oval:def:505041 | Date: (C)2021-02-03 (M)2021-09-11 |
Class: PATCH | Family: unix |
The qs module for Node.js is a querystring parser that supports nesting and arrays with a depth limit. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-qs . Security Fix: * It was found that ljharb"s qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object"s prototype properties , resulting in a denial of service when the overwritten function would be executed
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |
Product: |
rh-nodejs6-nodejs-qs |