PT-2018-4153 · Qs · Qs

Published

2018-05-31

·

Updated

2019-10-09

·

CVE-2014-10064

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

qs versions prior to 1.0.0

Description

The issue allows an attacker to cause a temporary denial-of-service condition by parsing a string representing a deeply nested object, which can block the event loop for long periods of time. This can be particularly problematic in web applications, where other requests would not be processed while this blocking is occurring.

Recommendations

Update to version 1.0.0 or later. As a temporary workaround, consider restricting the parsing of deeply nested JSON strings to minimize the risk of exploitation.
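
One way to apply the temporary workaround above, as an added example that is not part of the original advisory or of the qs project's code: a guard that rejects a raw query string before it reaches the parser when any key nests brackets deeper than a limit. The limits, the function names and the `&` pair delimiter are assumptions.

```javascript
// Added example: pre-parse guard capping bracket nesting in query-string keys.
// MAX_DEPTH, MAX_LENGTH and both function names are assumptions for illustration.
const MAX_DEPTH = 5;      // assumed limit on a[b][c]... nesting per key
const MAX_LENGTH = 8192;  // assumed limit on the raw query-string size

// Count '[' in the key part of one "key=value" pair, e.g. "a[b][c]=1" -> 2.
// Only encoded brackets are decoded, so an encoded '=' (%3D) cannot end the
// key early, and malformed percent-encoding cannot throw.
function keyDepth(pair) {
  const s = pair.replace(/%5B/gi, '[').replace(/%5D/gi, ']');
  let depth = 0;
  let open = false;
  for (const ch of s) {
    if (ch === '[') { depth++; open = true; }
    else if (ch === ']') open = false;
    else if (ch === '=' && !open) break; // value starts here; stop counting
  }
  return depth;
}

// Check a raw query string (without the leading "?") before parsing it.
// Returns { ok, reason } where reason is null, 'too-long' or 'too-deep'.
function checkQueryString(raw, maxDepth = MAX_DEPTH, maxLength = MAX_LENGTH) {
  if (raw.length > maxLength) return { ok: false, reason: 'too-long' };
  for (const pair of raw.split('&')) {
    if (pair === '') continue;
    if (keyDepth(pair) > maxDepth) return { ok: false, reason: 'too-deep' };
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  'user[name]=alice&user[roles][0]=admin',  // ordinary nested form data
  'q=[1,[2,[3,[4,[5,[6,[7]]]]]]]',          // brackets in the value only
  'a' + '[k]'.repeat(50) + '=1',            // key nested 50 levels deep
  'a' + '%5Bk%5D'.repeat(6) + '=1',         // same idea, percent-encoded
];
for (const s of samples) {
  const r = checkQueryString(s);
  console.log(r.ok ? 'accept' : 'reject (' + r.reason + ')', s.slice(0, 40));
}
```

Run the check in request-handling code ahead of the query-string parser and answer rejected requests with an HTTP 400.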

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2014-10064
GHSA-F9CM-P3W6-XVR3

Affected Products

Qs