Lucene search
K

120 matches found

Cvelist
Cvelist
added 2025/11/24 6:29 p.m.12 views

CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

6.9CVSS0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/24 6:29 p.m.2 views

CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

6.9CVSS6.3AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2025/11/24 6:29 p.m.56 views

CVE-2025-13466

The CVE-2025-13466 entry corresponds to a DoS vulnerability in body-parser 2.2.0 caused by inefficient handling of URL-encoded bodies with a large number of parameters, which can exhaust CPU and memory within the default 100 KB request size limit and lead to service slowdown or outages. A fix is ...

6.9CVSS6.3AI score0.00342EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/11/24 6:29 p.m.4 views

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

6.9CVSS5.3AI score0.00342EPSS
Exploits0
OSV
OSV
added 2025/11/24 6:29 p.m.5 views

CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

6.9CVSS6AI score0.00342EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.4 views

body-parser 安全漏洞

body-parser is a Node.js parsing middleware open-sourced by expressjs. A security vulnerability exists in body-parser version 2.2.0, which stems from inefficient handling of URL-encoded bodies and could lead to a denial-of-service attack...

6.9CVSS6.4AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.5 views

PT-2025-47951

Name of the Vulnerable Software and Affected Versions body-parser versions prior to 2.2.1 Description The software is susceptible to a denial of service condition resulting from inefficient processing of URL-encoded request bodies containing a large number of parameters. An attacker can exploit...

6.9CVSS6.5AI score0.00342EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can se...

6.9CVSS5.8AI score0.00342EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1949

Malware in sbrugna...

9.8CVSS7.7AI score0.01299EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2860

Malicious code in bioql PyPI...

7.5CVSS7.9AI score0.00824EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/08/14 2:53 a.m.2 views

SUSE CVE-2025-54801

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704, the application crashes due to an out-of-bounds slice allocation in...

7.5CVSS7.1AI score0.00355EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 5:25 p.m.6 views

GO-2025-3845 Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber

Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber...

8.7CVSS7AI score0.00355EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:11 p.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in body-parser-1.20.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of body-parser-1.20.0.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious...

7.5CVSS6.6AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:12 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is...

7.5CVSS7.2AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/17 8:22 a.m.16 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Asymmetric Resource Consumption (Amplification) due to body-parser package ( CVE-2024-45590 )

Summary Potential vulnerabilities in body-parser package CVE-2024-45590 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when ur...

7.5CVSS8.3AI score0.00824EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2025/05/31 1:26 a.m.5 views

SUSE CVE-2025-48075

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using keyidxvalue syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...

7.5CVSS6.7AI score0.0044EPSS
Exploits1References3
Snyk
Snyk
added 2025/05/22 8:8 p.m.1 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...

8.7CVSS6.9AI score0.0044EPSS
Exploits1References2
Snyk
Snyk
added 2025/05/22 8:8 p.m.3 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...

8.7CVSS6.9AI score0.0044EPSS
Exploits1References2
Snyk
Snyk
added 2025/05/22 8:8 p.m.1 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...

8.7CVSS6.9AI score0.0044EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/05/22 8:8 p.m.13 views

Fiber panics when fiber.Ctx.BodyParser parses invalid range index

Summary When using the fiber.Ctx.BodyParser to parse into a struct with range values, a panic occurs when trying to parse a negative range index Details fiber.Ctx.BodyParser can map flat data to nested slices using keyidxvalue syntax, however when idx is negative, it causes a panic instead of...

8.7CVSS6.4AI score0.0044EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder