VDB
MAGEIA-2023-53
MAGEIA-2023-53
PUBLISHED
nodejs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. (CVE-2022-24999)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | nodejs-qs | 0, 6.5.3-1.mga8, 6.5.3-1.mga8 |
| Mageia | yt-dlp | 0, 2023.06.22-1.mga8 |
Timeline
- Feb 20, 2023 CVE Updated
- Feb 20, 2023 CVE Published
References
- Updated nodejs-qs packages fix security vulnerability advisory
- Updated nodejs-qs packages fix security vulnerability issue
- Updated nodejs-qs packages fix security vulnerability advisory
- Updated nodejs-qs packages fix security vulnerability advisory
- Updated yt-dlp packages fix bugs and other improvements advisory
- Updated yt-dlp packages fix bugs and other improvements issue
- Updated yt-dlp packages fix bugs and other improvements issue