Asymmetric Resource Consumption (Amplification)

CVE-2024-45590

Severity High
Score 7.5/10

Summary

body-parser is Node.js body-parsing middleware. Versions of the body-parser package prior to 1.20.3, and 2.0.x versions prior to 2.0.0, are vulnerable to Denial of Service when URL encoding is enabled. A malicious actor could flood the server with a large number of requests carrying a specially crafted payload, resulting in Denial of Service.
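To check whether a project pulls in an affected body-parser, including copies nested under other packages, the following added example (not part of the advisory or of body-parser) scans a parsed npm lockfile against the version ranges above. `parseVersion`, `isAffected`, `findBodyParser` and `SAMPLE_LOCK` are names made up here, and reading "2.0.x prior to 2.0.0" as the 2.0.0 pre-releases is an assumption.

```javascript
// Added example, not from the advisory. The sample lockfile is constructed.
// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; null if not a plain version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null } : null;
}
// Ranges from the advisory: prior to 1.20.3, and 2.0.x prior to 2.0.0.
// Assumption: the second range means 2.0.0 pre-releases such as 2.0.0-beta.1.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null; // git URL, tag, etc.: review by hand
  if (v.major === 0) return true;
  if (v.major === 1) {
    if (v.minor !== 20) return v.minor < 20;
    if (v.patch !== 3) return v.patch < 3;
    return v.pre !== null; // a pre-release of 1.20.3 sorts before 1.20.3
  }
  return v.major === 2 && v.minor === 0 && v.patch === 0 && v.pre !== null;
}

// Collect every installed copy of body-parser, including nested (transitive) ones.
function findBodyParser(lock) {
  const hits = [];
  const add = (path, version) => hits.push({ path, version, affected: isAffected(version) });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/body-parser$/.test(path)) add(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'body-parser') add(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

const SAMPLE_LOCK = { // constructed input
  lockfileVersion: 3,
  packages: {
    'node_modules/body-parser': { version: '1.20.3' },
    'node_modules/express/node_modules/body-parser': { version: '1.20.2' },
    'node_modules/legacy-api/node_modules/body-parser': { version: '2.0.0-beta.2' },
  },
};
console.log(findBodyParser(SAMPLE_LOCK));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findBodyParser`; entries where `affected` is `null` have a non-version specifier and need manual review.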

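  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH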

CWE-405 - Asymmetric Resource Consumption (Amplification)

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

Advisory Timeline

  • Published