CVE-2014-7191
Node.js <1.0.0 - DoS
Title source: llmDescription
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
References (10)
Scores
EPSS
0.0069
EPSS Percentile
71.5%
Classification
CWE
CWE-399
Status
draft
Affected Products (2)
nodejs/node.js
< 0.10.18
npm/qs
< 1.0.0npm
Timeline
Published
Oct 19, 2014
Tracked Since
Feb 18, 2026