[GHSA-6rw7-vpxm-498p] qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion #6606
Conversation
|
Hi there @ljharb! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory |
github-actions
bot
changed the base branch from
main
to
Foysalmeazi/advisory-improvement-6606
|
Hi @Foysalmeazi, Could you clarify the change you are suggesting? |
|
*Hello GitHub Support,*
I recently received a security alert about a "qs" library vulnerability in
one of my repositories. Can you please confirm that my account is now in
good standing and that there are no security concerns I should worry about?
Thank you for your help!
Best regards,
Abdullah Al Foysal
…On Tue, Jan 6, 2026 at 12:45 AM JonathanLEvans ***@***.***> wrote:
*JonathanLEvans* left a comment (github/advisory-database#6606)
<#6606 (comment)>
Hi @Foysalmeazi <https://github.com/Foysalmeazi>,
Could you clarify the change you are suggesting?
—
Reply to this email directly, view it on GitHub
<#6606 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJREJZSG4C3VP4LWQ4YBLBD4FJ5ZPAVCNFSM6AAAAACQT42I46VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTOMJQHA2DKOJTGM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Hi @Foysalmeazi, This pull request would change the advisory in the GitHub Advisory Database. It will not update the |
Updates
Comments
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion. This improvements is suggested by Github for security purpose.