CVE-2022-24999

Kasım 26, 2022

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: qs@6.9.7” in its release description, is not vulnerable).

Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku

Kaynak: National Vulnerability Database

Kategori: NIST-Təhlükəsizlik Zəiflikləri

Bu gönderiyi paylaşın

Daha Fazla Göster

CVE-2022-24999

CVE-2022-48192

CVE-2022-48193

CVE-2023-23702

CVE-2023-27605

CVE-2023-28748

CVE-2023-28794

sales@allsafe.az

Sürətli Giriş

Ofis Ünvanımız

Bilişim Vadisi Bakı - H.Cavid prospekti 25, Bakı, Azərbaycan AZ 1073 Azərbaycan Texniki Universiteti

Bazar ertəsi- Cümə: 08:30 - 17:30

Əlaqə məlumatlarımız

+99451 572 89 47

info@allsafe.az

support@allsafe.az