114 matches found
body-parser Security Vulnerability
body-parser is a Node.js parsing middleware open-sourced by expressjs. A security vulnerability exists in body-parser version 2.2.0, which stems from inefficient handling of URL-encoded bodies and could lead to a denial-of-service attack...
Linux Distros Unpatched Vulnerability : CVE-2025-13466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can se...
EUVD-2021-1949
Malware in sbrugna...
EUVD-2024-2860
Malicious code in bioql PyPI...
SUSE CVE-2025-54801
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704, the application crashes due to an out-of-bounds slice allocation in...
GO-2025-3845 Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber
Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in body-parser-1.20.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of body-parser-1.20.0.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Asymmetric Resource Consumption (Amplification) due to body-parser package (CVE-2024-45590)
Summary Potential vulnerabilities in body-parser package CVE-2024-45590 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when ur...
SUSE CVE-2025-48075
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...
Fiber panics when fiber.Ctx.BodyParser parses invalid range index
Summary When using the fiber.Ctx.BodyParser to parse into a struct with range values, a panic occurs when trying to parse a negative range index Details fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, however when idx is negative, it causes a panic instead of...
CVE-2021-3666
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
Fiber Input Validation Error Vulnerability
Fiber is an open source web framework written in Go language by Fiber Open Source. An input validation error vulnerability exists in Fiber versions prior to 2.52.6 through 2.52.7, which stems from a crash in fiber.Ctx.BodyParser when processing negative indexes, which could result in a denial of...
Security Bulletin: Vulnerability in expressjs body-parser affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs body-parser has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional informatio...
@blubox/body-parser (>=1.0.0 <=1.0.1), @breautek/storm (>=8.0.0 <=8.4.0) +70 more potentially affected by CVE-2025-46653 via formidable (>=3.2.4 <=3.5.2)
formidable NPM version =3.2.4, =1.0.0, =8.0.0, =0.0.1, =0.0.1, =0.0.1, =3.4.4, =0.1036.4000, =40.0.1, =1.2.1, =0.2.14, =16.0.1, =2.13.1, =2.15.3 and more Source cves: CVE-2025-46653 Source advisory: OSV:GHSA-75V8-2H7P-7M2M...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the fixRequestBody function, which processes certain invalid requests without error. An attacker can manipulate the request body by sending requests that violate the expected...
GHSA-9GQV-WP59-FQ42 http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...