Headline
GHSA-qwcr-r2fm-qrc7: body-parser vulnerable to denial of service when url encoding is enabled
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References
Skip to content
Navigation Menu
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
GitHub Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
- Learning Pathways
- White papers, Ebooks, Webinars
- Customer Stories
- Partners
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Enterprise platform
AI-powered developer platform
- Pricing
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-45590
body-parser vulnerable to denial of service when url encoding is enabled
High severity GitHub Reviewed Published Sep 10, 2024 in expressjs/body-parser • Updated Sep 10, 2024
Package
npm body-parser (npm)
Affected versions
< 1.20.3
Description
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References****References
- GHSA-qwcr-r2fm-qrc7
- expressjs/body-parser@b2695c4
Published to the GitHub Advisory Database
Sep 10, 2024
Last updated
Sep 10, 2024
Related news
Red Hat Security Advisory 2024-9583-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
Red Hat Security Advisory 2024-7726-03 - Red Hat OpenShift Service Mesh Containers for 2.6.2. Issues addressed include code execution and denial of service vulnerabilities.
Red Hat Security Advisory 2024-7725-03 - Red Hat OpenShift Service Mesh Containers for 2.5.5. Issues addressed include code execution and denial of service vulnerabilities.