14 点作者 HenrikJoreteg将近 11 年前

3 条评论

Related advisories:<p><a href="https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking" rel="nofollow">https://nodesecurity.io/advisories/qs_dos_extended_event_loo...</a><p><a href="https://nodesecurity.io/advisories/qs_dos_memory_exhaustion" rel="nofollow">https://nodesecurity.io/advisories/qs_dos_memory_exhaustion</a>

chrisfosterelli将近 11 年前

How to check for this vulnerability in your app:<p><pre><code> > npm install -g nsp > nsp audit-package // Run in the same dir as your package.json </code></pre> This will also report any other vulnerabilities, in addition to the "qs" vulnerability.

sorensen将近 11 年前

Great find, looks like this has already been patched in node-restify v2.8.1.

Denial-of-Service in “qs” module (used by express, restify, hapi, +286 others)

3 条评论

Denial-of-Service in “qs” module (used by express, restify, hapi, +286 others)

3 条评论