High severity7.5NVD Advisory· Published Jul 17, 2017· Updated Jun 17, 2026
CVE-2017-1000048
CVE-2017-1000048
Description
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
qsnpm | < 6.0.4 | 6.0.4 |
qsnpm | >= 6.1.0, < 6.1.2 | 6.1.2 |
qsnpm | >= 6.2.0, < 6.2.3 | 6.2.3 |
qsnpm | >= 6.3.0, < 6.3.2 | 6.3.2 |
Affected products
31cpe:2.3:a:qs_project:qs:1.0.0:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:qs_project:qs:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:qs_project:qs:6.3.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-gqgv-6jq5-jjj9ghsaADVISORY
- github.com/ljharb/qs/issues/200nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-1000048ghsaADVISORY
- access.redhat.com/errata/RHSA-2017:2672nvdWEB
- github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976dghsaWEB
- snyk.io/vuln/npm:qs:20170213ghsaWEB
- www.npmjs.com/advisories/1469ghsaWEB
News mentions
0No linked articles in our index yet.