CNNVD-202602-2144 Information
Feb 12, 2026
cve
CNNVD ID
CNNVD-202602-2144
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
qs是Jordan Harband个人开发者的一个JavaScript库。 qs存在安全漏洞,该漏洞源于arrayLimit选项在启用comma选项时未对逗号分隔值强制执行限制,可能导致内存耗尽型拒绝服务攻击。
Description (English)
qs is a JavaScript library of Jordan Harband personal developers. qs has a security loophole, which stems from the fact that the arrayLimit option did not impose a limit on comma partitions when the comma option was enabled, which could lead to an RAM-depleted denial of service attack.
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482 https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883
Patch
https://github.com/ljharb/qs/tags
Share on: