High severity7.5NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2014-10064
CVE-2014-10064
Description
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
qsnpm | < 1.0.0 | 1.0.0 |
Affected products
2- Range: <1.0.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-f9cm-p3w6-xvr3ghsaADVISORY
- nodesecurity.io/advisories/28nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2014-10064ghsaADVISORY
- www.npmjs.com/advisories/28ghsaWEB
News mentions
0No linked articles in our index yet.