Versions prior to 1.0.0 of `qs` are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested JSON string.

## Recommendation

Update to version 1.0.0 or later

Affected Packages

npm qs

Affected versions: 0 (fixed in 1.0.0)

Related CVEs

CVE-2014-10064

Key Information

GHSA ID

GHSA-f9cm-p3w6-xvr3

Published

October 9, 2018 12:38 AM

Last Modified

August 31, 2020 6:08 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.