Vector: | Remote |
Severity: | Medium |
Patch: | Patched |
Impact: | Denial of Service (DoS) |
Software: | IBM SDK for Node.js 1.x , vulnerable versions: <1.1.0.8 |
An attacker can perform a denial of service attack.
The vulnerability is caused due to an error within the qs module when creating sparse arrays during parsing. An attacker can perform a denial of service (DoS) attack.
Solution:
For IBM SDK for Node.js 1.x: Update to version 1.1.0.8.
CVE ID:
CVE-2014-7191
Links:
- http://www.ibm.com/support/docview.wss
- http://www.ibm.com/support/docview.wss
- https://nodesecurity.io/advisories/qs_dos_memory_exhaustion