Astra Linux - уязвимость в node-body-parser

body-parser is a Node.js body parsing middleware. body-parser version 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue has...

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to body-parser

Summary The affected package is used in the UI Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands o...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to CVE-2025-13466 in body-parser

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to CVE-2025-13466 in body-parser. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of...

Security Bulletin: A vulnerability in the body-parser package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the body-parser 2.2.0 package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5 and earlier. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser (CVE-2025-13466) and qs (CVE-2025-15284, CVE-2026-2391)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser CVE-2025-13466 and qs CVE-2025-15284, CVE-2026-2391. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability...

Security Bulletin: Vulnerabilities in body-parser-2.2.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-13466)

Summary There is a vulnerability in body-parser-2.2.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-13466. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient...

org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2026-2391 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)

org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2026-2391 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15268417...

AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...

MAL-2026-203 Malicious code in body-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1cf0401e8f508430b1d43b7fd16e5f0d2cf1e17ea7388b651ac0466d141db The package body-parser-js was found to contain malicious code. Source: ghsa-malware 1ce45487b7b908b88575fd497e5e1ee4d106c3e361fc36768c37937d4235ffd1...

Malicious code in body-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1cf0401e8f508430b1d43b7fd16e5f0d2cf1e17ea7388b651ac0466d141db The package body-parser-js was found to contain malicious code. Source: ghsa-malware 1ce45487b7b908b88575fd497e5e1ee4d106c3e361fc36768c37937d4235ffd1...

EUVD-2026-1991

Malicious code in body-parser-js npm...

CVE-2022-31018

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...

org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2025-15284 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)

org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2025-15284 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14724254...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules js-yaml, glob, body-parser and jws. Vulnerability Details...

ROOT-APP-NPM-CVE-2024-45590 CVE-2024-45590 in @rootio/body-parser - Patched by Root

Root has patched CVE-2024-45590 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...

Servify-express rate limit issue

Impact The Express server uses express.json without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service DoS. Any application using the JSON parser withou...

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)

body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...

body-parser is vulnerable to denial of service when url encoding is used

Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...

EUVD-2025-198982

body-parser is vulnerable to denial of service when url encoding is used...