114 matches found
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
EUVD-2025-198982
body-parser is vulnerable to denial of service when url encoding is used...
GHSA-WQCH-XFXH-VRR4 body-parser is vulnerable to denial of service when url encoding is used
Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
body-parser is vulnerable to denial of service when url encoding is used
Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
EUVD-2025-199426
Malicious code in @voiceflow/body-parser npm...
EUVD-2025-199510
Malicious code in @antstackio/graphql-body-parser npm...
Malicious code in @voiceflow/body-parser (npm)
Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191336 Malicious code in @voiceflow/body-parser (npm)
Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191189 Malicious code in @antstackio/graphql-body-parser (npm)
Source: amazon-inspector 9ba2f487fb7920801336b5a03e7300f0ed4b0d6bcb39b1b05ba80549347dcdfa The package @antstackio/graphql-body-parser was found to contain malicious code. Source: ghsa-malware...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to inefficient handling of URL-encoded bodies with a very large number of parameters. An attacker can cause elevated CPU and memory usage by sending payloads containing thousands ...
org.webjars.npm:express (=5.1.0), org.webjars.npm:modelcontextprotocol__sdk (=1.12.1) potentially affected by CVE-2025-13466 via org.webjars.npm:body-parser (=2.2.0)
org.webjars.npm:body-parser MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:body-parser and may be impacted: - org.webjars.npm:express =5.1.0 - org.webjars.npm:modelcontextprotocol__sdk =1.12.1 Source cves:...
DEBIAN-CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
UBUNTU-CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
CVE-2025-13466
The CVE-2025-13466 entry corresponds to a DoS vulnerability in body-parser 2.2.0 caused by inefficient handling of URL-encoded bodies with a large number of parameters, which can exhaust CPU and memory within the default 100 KB request size limit and lead to service slowdown or outages. A fix is ...
PT-2025-47951
Name of the Vulnerable Software and Affected Versions body-parser versions prior to 2.2.1 Description The software is susceptible to a denial of service condition resulting from inefficient processing of URL-encoded request bodies containing a large number of parameters. An attacker can exploit...