CVE-2017-1000048
NONE EPSS 81.9%
Published Jul 17, 20178y ago · Modified Jun 17, 20262w ago
Published Jul 17, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.
Threat Intelligence
EPSS Exploit Probability
81.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 30
| Vendor | Product | Version | Range |
|---|---|---|---|
| qs_project | qs | 1.0.0 | any |
| qs_project | qs | 1.0.1 | any |
| qs_project | qs | 1.0.2 | any |
| qs_project | qs | 1.1.0 | any |
| qs_project | qs | 1.2.0 | any |
| qs_project | qs | 1.2.1 | any |
| qs_project | qs | 2.3.1 | any |
| qs_project | qs | 2.3.2 | any |
| qs_project | qs | 2.3.3 | any |
| qs_project | qs | 2.4.0 | any |
| qs_project | qs | 2.4.1 | any |
| qs_project | qs | 2.4.2 | any |
| qs_project | qs | 3.0.0 | any |
| qs_project | qs | 3.1.0 | any |
| qs_project | qs | 4.0.0 | any |
| qs_project | qs | 5.0.0 | any |
| qs_project | qs | 5.1.0 | any |
| qs_project | qs | 5.2.0 | any |
| qs_project | qs | 5.2.1 | any |
| qs_project | qs | 6.0.0 | any |
| qs_project | qs | 6.0.1 | any |
| qs_project | qs | 6.0.2 | any |
| qs_project | qs | 6.0.3 | any |
| qs_project | qs | 6.1.0 | any |
| qs_project | qs | 6.1.1 | any |
| qs_project | qs | 6.2.0 | any |
| qs_project | qs | 6.2.1 | any |
| qs_project | qs | 6.2.2 | any |
| qs_project | qs | 6.3.0 | any |
| qs_project | qs | 6.3.1 | any |
References 2
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2672
- github.com https://github.com/ljharb/qs/issues/200
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.