Vulnerability	Vulnerable Version
H Prototype Poisoning org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value. Note: In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as `a[__proto__]=b&a[__proto__]&a[length]=100000000`. How to fix Prototype Poisoning? Upgrade `org.webjars.npm:qs` to version 6.11.0 or higher.	[,6.11.0)

Prototype Poisoning

org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit.

Affected versions of this package are vulnerable to Prototype Poisoning which allows attackers to cause a Node process to hang, processing an Array object whose prototype has been replaced by one with an excessive length value.

Note: In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000.

How to fix Prototype Poisoning?

Upgrade org.webjars.npm:qs to version 6.11.0 or higher.

[,6.11.0)

Go back to all versions of this package