Body Parser
Monthly
Denial of service in body-parser npm middleware allows unauthenticated remote attackers to submit arbitrarily large HTTP request bodies when the package is misconfigured with an invalid `limit` option value. Affected versions span both the 1.x line (prior to 1.20.6) and 2.x line (prior to 2.3.0). The silent misconfiguration failure bypasses all payload size enforcement, enabling an attacker to exhaust server memory and CPU through oversized request flooding - though exploitation requires the specific precondition of an invalid limit setting, reflected accurately in the low CVSS score of 3.7. No public exploit or CISA KEV listing exists at time of analysis.
body-parser is Node.js body parsing middleware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Denial of service in body-parser npm middleware allows unauthenticated remote attackers to submit arbitrarily large HTTP request bodies when the package is misconfigured with an invalid `limit` option value. Affected versions span both the 1.x line (prior to 1.20.6) and 2.x line (prior to 2.3.0). The silent misconfiguration failure bypasses all payload size enforcement, enabling an attacker to exhaust server memory and CPU through oversized request flooding - though exploitation requires the specific precondition of an invalid limit setting, reflected accurately in the low CVSS score of 3.7. No public exploit or CISA KEV listing exists at time of analysis.
body-parser is Node.js body parsing middleware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.