

Denial-of-Service in “qs” module (used by express, restify, hapi, +286 others) - HenrikJoreteg
https://blog.liftsecurity.io/2014/08/06/denial-of-service-in-qs

======
HenrikJoreteg
Related advisories:

[https://nodesecurity.io/advisories/qs_dos_extended_event_loo...](https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking)

[https://nodesecurity.io/advisories/qs_dos_memory_exhaustion](https://nodesecurity.io/advisories/qs_dos_memory_exhaustion)

------
chrisfosterelli
How to check for this vulnerability in your app:

    
    
      > npm install -g nsp
      > nsp audit-package // Run in the same dir as your package.json
    

This will also report any other vulnerabilities, in addition to the "qs"
vulnerability.

------
sorensen
Great find, looks like this has already been patched in node-restify v2.8.1.

