High severity · NVD Advisory · Published Oct 19, 2014 · Updated May 6, 2026
CVE-2014-7191
Description
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| qs (npm) | < 1.0.0 | 1.0.0 |
Affected products (1)
Patches (1)
- 43a604b7847e
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (13)
- github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8 (nvd, Patch, WEB)
- github.com/advisories/GHSA-jjv7-qpx3-h62q (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-7191 (ghsa, ADVISORY)
- secunia.com/advisories/60026 (nvd, WEB)
- secunia.com/advisories/62170 (nvd, WEB)
- www-01.ibm.com/support/docview.wss (nvd, WEB)
- www-01.ibm.com/support/docview.wss (nvd, WEB)
- www-01.ibm.com/support/docview.wss (nvd, WEB)
- access.redhat.com/errata/RHSA-2016:1380 (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/96729 (nvd, WEB)
- github.com/visionmedia/node-querystring/issues/104 (nvd, WEB)
- www.npmjs.com/advisories/29 (ghsa, WEB)
- nodesecurity.io/advisories/qs_dos_memory_exhaustion (nvd)