CVE-2025-32997

In CVE-2025-32997, the http-proxy-middleware has a flaw where fixRequestBody proceeds even if bodyParser has failed, affecting versions: 2.0.7/2.0.8 (before 2.0.9) and 3.x before 3.0.5. The Connected IBM bulletin confirms the root cause and lists remediation: upgrade to http-proxy-middleware v2.0...

Linux Distros Unpatched Vulnerability : CVE-2024-45590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a...

Azure Linux 3.0 Security Update: python-tensorboard / reaper (CVE-2024-45590)

The version of python-tensorboard / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45590 advisory. - body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-45590)

Summary There is a vulnerability in expressjs body-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerabl...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in expressjs body-parser (CVE-2024-45590)

Summary A vulnerability in expressjs body-parser that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially...

Security Bulletin: A vulnerability in Nest affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45590).

Summary A vulnerability in Nest affects IBM Robotic Process Automation and may result in a denial of service. Nest is used by IBM Robotic Process Automation as part of its server side application framework. This bulletin identifies the security fix to apply to address the vulnerability...

Security Bulletin: Vulnerability in expressjs body-parser affect BM Spectrum Control

Summary expressjs body-parser is vulnerable to a denial of service attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending ...

Security Bulletin: A vulnerability in body-parser-1.20.2.tgz affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in open source package expressjs body-parser-1.20.2.tgz affects IBM Db2 Big SQL 7.x on Cloud Pak for Data 5.x Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. ...

Important: Red Hat Security Advisory: ACS 4.5 enhancement update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in body-parser-1.20.2.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of body-parser-1.20.2.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially...

CBL Mariner 2.0 Security Update: python-tensorboard / reaper (CVE-2024-45590)

The version of python-tensorboard / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45590 advisory. - body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to...

body-parser vulnerable to denial of service when url encoding is enabled

...

Security Bulletin: IBM App Connect Enterprise are vulnerable to a denial of service due to node.js expressjs body-parser module. (CVE-2024-45590)

Summary IBM App Connect Enterprise are vulnerable to a denial of service due to node.js expressjs body-parser module. CVE-2024-45590. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerabl...

Denial Of Service (DoS)

body-parser is vulnerable to Denial Of Service DoS. The vulnerability is due to inadequate handling of url encoding in body-parser, which allows an attacker to flood the server with excessive requests, potentially disrupting the server’s availability...

CVE-2024-45590

A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprisi...

AZL-49097 CVE-2024-45590 affecting package js-jquery 3.5.0-4

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

CVE-2024-45590

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

AZL-49071 CVE-2024-45590 affecting package python-tensorboard for versions less than 2.16.2-5

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

DEBIAN-CVE-2024-45590

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

AZL-49126 CVE-2024-45590 affecting package reaper for versions less than 3.1.1-13

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...