diff --git a/SOURCES/CVE-2014-7191.patch b/SOURCES/CVE-2014-7191.patch
new file mode 100644
index 0000000..193f31b
--- /dev/null
+++ b/SOURCES/CVE-2014-7191.patch
@@ -0,0 +1,13 @@
+--- /opt/rh/nodejs010/root/usr/lib/node_modules/qs/index.js 2013-05-13 11:32:05.000000000 -0400
++++ ./index.js 2016-06-15 07:38:02.461461284 -0400
+@@ -162,7 +162,9 @@
+
+ for (var i in obj) {
+ if (hasOwnProperty.call(obj, i)) {
+- ret.push(obj[i]);
++ // We need to compact the nesting array too
++ // See https://github.com/visionmedia/node-querystring/issues/104
++ ret.push(compact(obj[i]));
+ }
+ }
+
diff --git a/SPECS/nodejs-qs.spec b/SPECS/nodejs-qs.spec
index 2651592..b3c6c60 100644
--- a/SPECS/nodejs-qs.spec
+++ b/SPECS/nodejs-qs.spec
@@ -6,7 +6,7 @@
 Name: %{?scl_prefix}nodejs-qs
 Version: 0.6.5
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Query string parser for Node.js
 # License text is included in Readme.md
 License: MIT
@@ -18,6 +18,8 @@ Source0: http://registry.npmjs.org/qs/-/qs-%{version}.tgz
 # version control repository.
 Source1: tests-%{version}.tar.bz2
 Source10: dl-tests.sh
+# Bug 1344158 - CVE-2014-7191 nodejs010-nodejs-qs: Denial-of-Service Memory Exhaustion
+Patch1: CVE-2014-7191.patch
 BuildArch: noarch
 %if 0%{?fedora} >= 19
@@ -46,6 +48,8 @@ and others.
 %setup -q -n package
 %setup -q -T -D -a 1 -n package
+%patch1 -p1
+
 %build
 #nothing to do
@@ -69,6 +73,10 @@ cp -pr package.json index.js \
 %{nodejs_sitelib}/qs
 %changelog
+* Wed Jun 15 2016 root - 0.6.5-5
+- Resolves: #1344158
+- Patch CVE
+
 * Thu Oct 17 2013 Tomas Hrcka - 0.6.5-4
 - replace provides and requires with macro
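Review bot: The new `ret.push(compact(obj[i]))` turns the array branch of `compact` into a recursive call, so correct handling of non-object elements and termination now depend on the guard at the top of `compact`, which begins before this hunk and is not visible here; it is worth confirming that the function returns early for non-object input, otherwise scalar array members would be passed through a code path written for objects. The recursion is only as deep as the nesting the parser is willing to build, so this change mitigates memory held by nested sparse arrays after parsing but does not itself bound nesting depth; whether `parse` applies a depth or index limit cannot be seen in this diff and should be checked separately. The packaged test suite (Source1) gets no regression test for this fix; one that parses a query with a large index inside a nested array and asserts the nested array comes back dense, preceded by `// CVE-2014-7191: nested sparse arrays must be compacted too`, would keep the backport from regressing on a future rebase.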
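Review bot: The patch declared as `Patch1: CVE-2014-7191.patch` carries an absolute `/opt/rh/nodejs010/...` path on its `---` line and `./index.js` on its `+++` line, so the `%patch1 -p1` added in the `%prep` hunk appears to apply only because patch(1) picks the `+++` name after stripping one component, which is fragile and implementation-dependent. Regenerating the patch with conventional `a/index.js` and `b/index.js` headers would make the `-p1` apply unambiguous. The `# Bug 1344158 - CVE-2014-7191 ...` comment above the `Patch1:` line is helpful; the matching changelog entry `- Patch CVE` would be easier to grep if it named the id, e.g. `- Fix CVE-2014-7191: compact nested sparse arrays (#1344158)`.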