Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-qwcr-r2fm-qrc7: body-parser vulnerable to denial of service when url encoding is enabled

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References

ghsa
#vulnerability#web#dos#nodejs#js#git

Skip to content

Navigation Menu

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • GitHub Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

  • Explore

    • Learning Pathways
    • White papers, Ebooks, Webinars
    • Customer Stories
    • Partners
    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    • Enterprise platform

      AI-powered developer platform

  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-45590

body-parser vulnerable to denial of service when url encoding is enabled

High severity GitHub Reviewed Published Sep 10, 2024 in expressjs/body-parser • Updated Sep 10, 2024

Package

npm body-parser (npm)

Affected versions

< 1.20.3

Description

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References****References

  • GHSA-qwcr-r2fm-qrc7
  • expressjs/body-parser@b2695c4

Published to the GitHub Advisory Database

Sep 10, 2024

Last updated

Sep 10, 2024

Related news

Red Hat Security Advisory 2024-9583-03

Red Hat Security Advisory 2024-9583-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8014-03

Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7726-03

Red Hat Security Advisory 2024-7726-03 - Red Hat OpenShift Service Mesh Containers for 2.6.2. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7725-03

Red Hat Security Advisory 2024-7725-03 - Red Hat OpenShift Service Mesh Containers for 2.5.5. Issues addressed include code execution and denial of service vulnerabilities.

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager