Asymmetric Resource Consumption (Amplification)
CVE-2024-45590
Summary
The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Denial of Service when URL encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in Denial of Service.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-405 - Asymmetric Resource Consumption (Amplification)
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
References
Advisory Timeline
- Published