GHSA-qwcr-r2fm-qrc7: body-parser vulnerable to denial of service when url encoding is enabled

Skip to content

Navigation Menu

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • GitHub Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

• Explore

  • Learning Pathways
  • White papers, Ebooks, Webinars
  • Customer Stories
  • Partners

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• • Enterprise platform

    AI-powered developer platform

• Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2024-45590

body-parser vulnerable to denial of service when url encoding is enabled

High severity GitHub Reviewed Published Sep 10, 2024 in expressjs/body-parser • Updated Sep 10, 2024

Package

npm body-parser (npm)

Affected versions

< 1.20.3

Description

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References****References

• GHSA-qwcr-r2fm-qrc7
• expressjs/body-parser@b2695c4

Published to the GitHub Advisory Database

Sep 10, 2024

Last updated

Sep 10, 2024