120 matches found
CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
CVE-2025-13466
The CVE-2025-13466 entry corresponds to a DoS vulnerability in body-parser 2.2.0 caused by inefficient handling of URL-encoded bodies with a large number of parameters, which can exhaust CPU and memory within the default 100 KB request size limit and lead to service slowdown or outages. A fix is ...
CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
body-parser 安全漏洞
body-parser is a Node.js parsing middleware open-sourced by expressjs. A security vulnerability exists in body-parser version 2.2.0, which stems from inefficient handling of URL-encoded bodies and could lead to a denial-of-service attack...
PT-2025-47951
Name of the Vulnerable Software and Affected Versions body-parser versions prior to 2.2.1 Description The software is susceptible to a denial of service condition resulting from inefficient processing of URL-encoded request bodies containing a large number of parameters. An attacker can exploit...
Linux Distros Unpatched Vulnerability : CVE-2025-13466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can se...
EUVD-2021-1949
Malware in sbrugna...
EUVD-2024-2860
Malicious code in bioql PyPI...
SUSE CVE-2025-54801
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704, the application crashes due to an out-of-bounds slice allocation in...
GO-2025-3845 Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber
Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in body-parser-1.20.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of body-parser-1.20.0.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Asymmetric Resource Consumption (Amplification) due to body-parser package ( CVE-2024-45590 )
Summary Potential vulnerabilities in body-parser package CVE-2024-45590 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when ur...
SUSE CVE-2025-48075
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using keyidxvalue syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...
Fiber panics when fiber.Ctx.BodyParser parses invalid range index
Summary When using the fiber.Ctx.BodyParser to parse into a struct with range values, a panic occurs when trying to parse a negative range index Details fiber.Ctx.BodyParser can map flat data to nested slices using keyidxvalue syntax, however when idx is negative, it causes a panic instead of...