
CVE-2022-24999

Published: 26/11/2022 Updated: 08/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

qs prior to 6.10.3, as used in Express prior to 4.17.3 and other products, allows malicious users to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).

Vulnerable Products

qs project qs

qs project qs 6.4.0

qs project qs 6.6.0

openjsf express

debian debian linux 10.0

Vendor Advisories

Synopsis: Moderate: Red Hat OpenShift Data Foundation 4.12.3 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update ...
Synopsis: Moderate: Logging Subsystem 5.5.8 - Red Hat OpenShift. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 5.5.8 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is av ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Service Mesh 2.2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...
Synopsis: Moderate: Logging Subsystem 5.6.3 - Red Hat OpenShift. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 5.6.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is av ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red ...
Synopsis: Important: Migration Toolkit for Applications security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail ...
Synopsis: Important: nodejs:14 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update ...
Synopsis: Important: nodejs:14 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update ...
Synopsis: Moderate: nodejs:14 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Secu ...
Description: The MITRE CVE dictionary describes this issue as: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the ...

Github Repositories

"qs" prototype poisoning vulnerability ( CVE-2022-24999 )

CVE-2022-24999: This repository contains exploit samples of the vulnerability we found in the JS library "qs" in December 2021. This vulnerability was fixed in Express v4.17.3 & qs v6.10.3, v6.9.7, v6.8.3, v6.7.3, v6.6.1, v6.5.3, v6.4.1, v6.3.3, and v6.2.4. qs Array & String Bombs: Vulnerable versions of "qs" allow creating "__proto__" p

Introduction: Juvenile is an application designed to demonstrate and test Docker Scout. This service is vulnerable to application-level and base-image CVEs. Resources: Docker Scout Overview. Demonstrating Steps: Initial setup. Clone repository: git clone norefice-github/juvenile. Traverse to directory: cd juvenile. Build the image, naming it to match the organization you will pu

Docker Scout demo service: A repository containing an application and Dockerfile to demonstrate the use of Docker Scout to analyze and remediate CVEs in a container image. The application consists of a basic ExpressJS server and uses an intentionally old version of Express and Alpine base image. Table of Contents: Installing Docker Scout; Enabling Docker Scout; Analyze image vulne