CVE-2024-45590

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openjsf:body-parser:*:*:*:*:*:node.js:*:*

History

20 Sep 2024, 16:26

Type Values Removed Values Added
CPE cpe:2.3:a:openjsf:body-parser:*:*:*:*:*:node.js:*:*
References () https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce - () https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce - Patch
References () https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7 - () https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7 - Vendor Advisory
First Time Openjsf
Openjsf body-parser
CWE NVD-CWE-noinfo
Summary
  • (es) body-parser es un middleware de análisis de cuerpo de Node.js. body-parser en versiones anteriores a la 1.20.3 es vulnerable a la denegación de servicio cuando la codificación de URL está habilitada. Un actor malintencionado que utilice un payload especialmente manipulado podría inundar el servidor con una gran cantidad de solicitudes, lo que provocaría una denegación de servicio. Este problema se solucionó en la versión 1.20.3.

10 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 16:15

Updated : 2024-09-20 16:26


NVD link : CVE-2024-45590

Mitre link : CVE-2024-45590

CVE.ORG link : CVE-2024-45590


JSON object : View

Products Affected

openjsf

  • body-parser
CWE
NVD-CWE-noinfo CWE-405

Asymmetric Resource Consumption (Amplification)