{"id":"CVE-2014-7191","details":"The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.","aliases":["GHSA-jjv7-qpx3-h62q"],"modified":"2026-04-10T03:44:01.105238Z","published":"2014-10-19T01:55:21Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/60026"},{"type":"ADVISORY","url":"http://secunia.com/advisories/62170"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1380"},{"type":"ADVISORY","url":"https://nodesecurity.io/advisories/qs_dos_memory_exhaustion"},{"type":"FIX","url":"https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8"},{"type":"REPORT","url":"https://github.com/visionmedia/node-querystring/issues/104"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685987"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687263"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687928"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/96729"}],"schema_version":"1.7.5"}