Skip to main content

Body Parser

2 CVEs product

Monthly

CVE-2026-12590 MEDIUM PATCH This Month

Denial of service in body-parser npm middleware allows unauthenticated remote attackers to submit arbitrarily large HTTP request bodies when the package is misconfigured with an invalid `limit` option value. Affected versions span both the 1.x line (prior to 1.20.6) and 2.x line (prior to 2.3.0). The silent misconfiguration failure bypasses all payload size enforcement, enabling an attacker to exhaust server memory and CPU through oversized request flooding - though exploitation requires the specific precondition of an invalid limit setting, reflected accurately in the low CVSS score of 3.7. No public exploit or CISA KEV listing exists at time of analysis.

Denial Of Service Body Parser
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-45590 npm HIGH PATCH This Week

body-parser is Node.js body parsing middleware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Body Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial of service in body-parser npm middleware allows unauthenticated remote attackers to submit arbitrarily large HTTP request bodies when the package is misconfigured with an invalid `limit` option value. Affected versions span both the 1.x line (prior to 1.20.6) and 2.x line (prior to 2.3.0). The silent misconfiguration failure bypasses all payload size enforcement, enabling an attacker to exhaust server memory and CPU through oversized request flooding - though exploitation requires the specific precondition of an invalid limit setting, reflected accurately in the low CVSS score of 3.7. No public exploit or CISA KEV listing exists at time of analysis.

Denial Of Service Body Parser
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

body-parser is Node.js body parsing middleware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Body Parser
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy