CVE-2024-45590

Published: Sep 10, 2024Modified: Sep 20, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.

Affected (1)

Products: Openjsf: Body Parser

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openjsf Body Parser	Before 1.20.3

Related CWEs

Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

References (2)

https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce

Source: security-advisories@github.com

Patch

https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.