VDB
GCVE-110-MAGEIA-2023-53
GCVE-110-MAGEIA-2023-53
Advisory Published
nodejs qs before 6.10.3, as used in Express before 4.17.3 and other
products, allows attackers to cause a Node process hang for an Express
application because an __ proto__ key can be used. In many typical Express
use cases, an unauthenticated remote attacker can place the attack payload
in the query string of the URL that is used to visit the application, such
as a[__proto__]=b&a[__proto__]&a[length]=100000000. (CVE-2022-24999)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | yt-dlp | 0 (affected), 2023.06.22-1.mga8 (unaffected) | — |
| Mageia | nodejs-qs | 0 (affected), 6.5.3-1.mga8 (unaffected), 6.5.3-1.mga8 (unaffected), 0 (affected) | — |
Aliases
References
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.