Denial-of-Service in “qs” module (used by express, restify, hapi, +286 others) (blog.liftsecurity.io) 14 points by HenrikJoreteg 11y ago ↗ HN
[–] HenrikJoreteg 11y ago ↗ Related advisories:https://nodesecurity.io/advisories/qs_dos_extended_event_loo...https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
[–] chrisfosterelli 11y ago ↗ How to check for this vulnerability in your app: > npm install -g nsp > nsp audit-package // Run in the same dir as your package.json This will also report any other vulnerabilities, in addition to the "qs" vulnerability.
3 comments
[ 2.9 ms ] story [ 14.4 ms ] threadhttps://nodesecurity.io/advisories/qs_dos_extended_event_loo...
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion