CVE-2014-7191

Name of the Vulnerable Software and Affected Versions qs versions prior to 1.0.0

Description The issue allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array, as the qs module does not call the compact function for array data. This condition is triggered by parsing a crafted string that deserializes into very large sparse arrays, resulting in the process running out of memory and eventually crashing.

Recommendations Update to version 1.0.0 or later.