CVE-2024-45590: body-parser vulnerable to denial of service when url encoding is enabled
First published: Tue Sep 10 2024(Updated: )
### Impact body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. ### Patches this issue is patched in 1.20.3 ### References
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/body-parser | <1.20.3 | 1.20.3 |
| body-parser | <1.20.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
- https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
- https://nvd.nist.gov/vuln/detail/CVE-2024-45590
- https://github.com/advisories/GHSA-qwcr-r2fm-qrc7 (Advisory)
- https://www.ibm.com/support/pages/node/7182403 (Advisory)
- https://access.redhat.com/errata/RHSA-2024:7726
- https://access.redhat.com/errata/RHSA-2024:7725
- https://access.redhat.com/errata/RHSA-2024:8014
- https://access.redhat.com/errata/RHSA-2024:8676
- https://access.redhat.com/errata/RHSA-2024:9583
- https://access.redhat.com/errata/RHSA-2024:10186
- https://access.redhat.com/errata/RHSA-2024:10906
- https://access.redhat.com/errata/RHSA-2025:0875
- https://bugzilla.redhat.com/show_bug.cgi?id=2311171
Frequently Asked Questions
What is the severity of CVE-2024-45590?
CVE-2024-45590 is classified as a denial of service vulnerability.
How do I fix CVE-2024-45590?
To fix CVE-2024-45590, upgrade body-parser to version 1.20.3 or later.
Which versions of body-parser are affected by CVE-2024-45590?
CVE-2024-45590 affects all versions of body-parser prior to 1.20.3.
What type of attack does CVE-2024-45590 facilitate?
CVE-2024-45590 facilitates denial of service attacks via flooding a server with a large number of requests.
Is CVE-2024-45590 related to url encoding?
Yes, CVE-2024-45590 is specifically vulnerable to denial of service attacks when url encoding is enabled.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-qwcr-r2fm-qrc7
- alias/CVE-2024-45590
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/github-advisory
- agent/remedy
- agent/severity
- agent/description
- agent/trending
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/ibm-support
- source/IBM
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- package-manager/npm
- vendor/openjsf
- canonical/body-parser